In a recent Magento 1.9.3.2 project we experienced a strange behavior related to the built-in newsletter module in admin grid. When trying to add a newsletter template to the queue using the action dropdown in the admin grid the following JavaScript error showed up:
Uncaught SyntaxError: Unexpected end of JSON input
at JSON.parse (<anonymous>)
at String.parseJSON [as evalJSON] (prototype.js:720)
at Object.execute (grid.js:717)
at HTMLSelectElement.onchange (085f35f…:722)
A quick look at the option value for the admin grid’s row select input showed that the JSON was not properly escaped:
<select class="action-select" onchange="varienGridAction.execute(this);"><option value=""></option><option value="{" href":"https:\="" \="" www.someshop.com\="" index.php\="" __ma2ge_a5dm2in__\="" newsletter_queue\="" edit\="" template_id\="" 1\="" key\="" e5bdca9b9185cd175c6f9d297127d238\="" "}"="">Newsletter Warteschlange ...</option><option value="{" popup":true,"href":"https:\="" \="" www.someshop.com\="" index.php\="" __ma2ge_a5dm2in__\="" newsletter_template\="" preview\="" id\="" 1\="" key\="" b4b16e0fa2fb208b6191e6ddb3a6282c\="" ","onclick":"popwin(this.href,'_blank','width="800,height=700,resizable=1,scrollbars=1');return" false;"}"="">Vorschau</option></select>
As you can see the double quotes for the JSON option value was broken, thus resulting in a JavaScript exception when varienGridAction.execute(this) is triggered, e.g.:
<option value="{" href":"https:\="" \=""...
Since the built-in newsletter uses a custom row renderer for this action dropdown a check in Mage_Adminhtml_Block_Widget_Grid_Column_Renderer_Action was required, in particular _toOptionHtml:
protected function _toOptionHtml($action, Varien_Object $row) { $actionAttributes = new Varien_Object(); $actionCaption = ''; $this->_transformActionData($action, $actionCaption, $row); $htmlAttibutes = array('value'=> $this->escapeHtml(Mage::helper('core')->jsonEncode($action))); $actionAttributes->setData($htmlAttibutes); return '<option ' . $actionAttributes->serialize() . '>' . $actionCaption . '</option>'; }
The solution in this case is rather simple:
$htmlAttibutes = array('value'=> htmlentities($this->escapeHtml(Mage::helper('core')->jsonEncode($action))));
Further investigation is needed in this case as to why additional encoding is required. In the meantime the offending class was overwritten with the corresponding local version.