(YUI2 javascript) - JavaScript does not work inside yui dialog

I try to insert JavaScript code to YAHOO.widget.Dialog.setBody(...), bit this does not work in Chrome (I have Ubuntu) (In Firefox the code is working)

The h开发者_开发问答tml file (simple example that not working in chrome browser):

<html>
    <head>
        <link rel="stylesheet" type="text/css" href="http://yui.yahooapis.com/combo?2.8.2r1/build/container/assets/skins/sam/container.css">
        <script type="text/javascript" src="http://yui.yahooapis.com/combo?2.8.2r1/build/yahoo-dom-event/yahoo-dom-event.js&2.8.2r1/build/container/container-min.js"></script>
    </head>
    <body class="yui-skin-sam">
        <script type="text/javascript">
            previewDialog = new YAHOO.widget.Dialog("previewDialog", { width: "600px", visible: true});
            previewDialog.setBody('<h2>h2 text h2'+'<script>'+'alert("alert text alert");'+'<'+'/script>'+'</h2>');
            previewDialog.render(document.body);
        </script>
    </body>
</html>

How can be my code fixed for working in chrome?

(In real project I try to insert more complicated javascript code)

I don't have a solution, but I am having the same problem.

I opened up Google Chrome's built in developer console and see several warnings:

[blocked] The page at https://c.na15.visual.force.com/apex/SkillsMatrix?core.apexpages.devmode.url=1 ran insecure content from http://yui.yahooapis.com/combo?2.7.0/build/yahoo-dom-event/yahoo-dom-event.….0/build/animation/animation-min.js&2.7.0/build/container/container-min.js. SkillsMatrix?core.apexpages.devmode.url=1:1 [blocked] The page at https://c.na15.visual.force.com/apex/SkillsMatrix?core.apexpages.devmode.url=1 ran insecure content from http://yui.yahooapis.com/combo?2.7.0/build/container/assets/skins/sam/container.css. SkillsMatrix?core.apexpages.devmode.url=1:3 [blocked] The page at https://c.na15.visual.force.com/apex/SkillsMatrix?core.apexpages.devmode.url=1 ran insecure content from http://yui.yahooapis.com/combo?2.7.0/build/yahoo-dom-event/yahoo-dom-event.….0/build/animation/animation-min.js&2.7.0/build/container/container-min.js. SkillsMatrix:1 [blocked] The page at https://c.na15.visual.force.com/apex/SkillsMatrix?core.apexpages.devmode.url=1 ran insecure content from http://yui.yahooapis.com/combo?2.7.0/build/container/assets/skins/sam/container.css.

I think the problem (at least for me) is that Chrome is most vigilantly enforcing a "Same Origin Policy" (cf. http://en.wikipedia.org/wiki/Same_origin_policy ).

The Force Times ( http://theforcetimes.wordpress.com/ ) currently writes about using an "AJAX Proxy" which may help to resolve some such issues. (His article is SFDC-centric but perhaps the principle will help if this is the problem you are having and you can establish your own proxy somewhere.)

It requires additional button-min.js and element-min.js with corresponding CSS as well.