fix(block-editor): guard StoryBlock JSON parsing against non-object scalars

[fmontes]

Fixes regression from #35412: /api/content/_search throws Cannot deserialize value of type LinkedHashMap from Integer when a Story Block references a contentlet with scalar field values.

Fix

1. JSON guard. JsonUtil.isValidJSON() returns true for scalars (42, "foo", [1,2]). Replaced with isJsonObject() (valid JSON + starts with {) at the 4 call sites feeding toMap(). HTML strings correctly skip refresh (no {).

2. Failure isolation. One bad contentlet was killing the whole search response. Now:

• ContentletTransformer.refreshStoryBlockReferences catches/logs — bad contentlet returns un-refreshed.
• StoryBlockAPIImpl.isRefreshed isolates each child block.
• StoryBlockAPIImpl.refreshContentlet isolates each field (falls back to raw value).

QA

Re-run QA from #35408 (PR #35412) and #35403 (PR #35413).

Plus: via Content REST API, create a contentlet with raw HTML as the Block Editor field value (e.g. <p>hello</p>). Confirm create + update + _search + edit-UI all work without MismatchedInputException in logs.

Tests

• test_refreshStoryBlockValueReferences_with_non_object_json_scalars — numeric/string/boolean/array/HTML inputs
• test_refreshStoryBlockValueReferences_isolates_bad_child_block — inner isolation
• test_refreshReferences_does_not_throw_on_malformed_nested_block — API-level resilience

[claude]

Claude finished @fmontes's task in 2m 36s —— View job

---

Review

• Gather context
• Review StoryBlockAPIImpl.java
• Review ContentletTransformer.java
• Review StoryBlockAPITest.java
• Post findings

---

Issues

1. ESContentFactoryImpl.processCachedContentlet is unprotected — the resilience fix is incomplete

refreshStoryBlockValueReferences still re-throws at line 217 of StoryBlockAPIImpl:

} catch (final Exception e) {
    ...
    throw new DotRuntimeException(errorMsg, e);   // ← still throws
}

refreshReferences propagates that exception. ContentletTransformer.refreshStoryBlockReferences now catches it, but there is a second, unguarded call site in ESContentFactoryImpl.processCachedContentlet (line 858):

final StoryBlockReferenceResult storyBlockRefreshedResult =
        APILocator.getStoryBlockAPI().refreshReferences(cachedContentlet);   // no try-catch

The isJsonObject guard eliminates the specific scalar bug, but any other toMap() failure on a valid-but-malformed JSON object will still reach this unguarded call site and can break cache lookups. Either wrap processCachedContentlet's call site or remove the rethrow and return the original contentlet instead, consistent with how isRefreshed handles per-block failures. Fix this →

---

2. Double Javadoc block in StoryBlockAPITest.java

There are two consecutive /** ... */ blocks immediately before test_refreshReferences_does_not_throw_on_malformed_nested_block. The first one (referencing refreshStoryBlockValueReferences) is a copy-paste leftover and should be removed. Java silently drops it but it misleads readers. Fix this →

---

3. Missing getValue() assertions for string, boolean, and array inputs

(Copilot also flagged this.) test_refreshStoryBlockValueReferences_with_non_object_json_scalars asserts isRefreshed() == false for "hello", true, and [1,2,3] but does not call assertEquals on the returned value. The Javadoc says the original value must be returned unchanged — the test should prove that. Fix this →

---

4. test_refreshStoryBlockValueReferences_isolates_bad_child_block only asserts non-null

The only assertion is assertNotNull(result). An isRefreshed() check and/or getValue() check would make this a meaningful regression guard rather than a trivially-passing test. Fix this →

---

Minor

• isJsonObject calls startsWith("{") before isValidJSON — correct order; no issue.
• The catch (Exception e) blocks in isRefreshed and refreshContentlet are broad but intentional and logged. Acceptable for a resilience boundary.
• refreshNestedStoryBlockValues is not guarded at the isRefreshed call site (line 835), but the round-trip through toJson before refreshStoryBlockValueReferences means the isJsonObject guard will always pass there. Not a bug.

---

Item 1 is the real risk; 2–4 are test quality issues.

[Copilot]

Pull request overview

Guards Story Block JSON parsing in StoryBlockAPIImpl so the transformer pipeline won’t attempt to deserialize non-object JSON tokens (scalars/arrays) into a LinkedHashMap, preventing /api/content/_search failures when related contentlets contain scalar defaults that look like valid JSON.

Changes:

• Introduced isJsonObject(String) and applied it to all call sites that would otherwise feed non-object JSON into toMap().
• Updated Story Block refresh/dependency extraction paths to skip parsing when the root JSON token isn’t an object.
• Added an integration test covering scalar/array/HTML inputs to ensure no exception is thrown.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
dotCMS/src/main/java/com/dotcms/contenttype/business/StoryBlockAPIImpl.java	Adds isJsonObject() and uses it to guard toMap() entry points against non-object JSON values.
dotcms-integration/src/test/java/com/dotcms/contenttype/business/StoryBlockAPITest.java	Adds regression test exercising numeric/string/boolean/array/HTML inputs for refreshStoryBlockValueReferences.

[wezell]

Not going to be worse