It seems this blog got hacked recently. A couple of posts had the following code inserted into them:
/* */ edToolbar() ...(post text)... edCanvas = document.getElementById('content');
This was on WordPress 3.2.1. I've now updated to 3.5; hopefully this won't recur, but it's something to watch out for if you're running blogs using older versions… a quick Google search indicates plenty of people have been hit but haven't noticed.