Bug
Resolution: Fixed
Normal
8.5.2, 9.1.0
Security Level: Jimmy
ZK 9.5.0 S1
None
Steps to Reproduce
Manipulate a /zkau request (e.g. via browser dev tools) to send an invalid AU request to the server,
e.g. one containing an invalid data_0=9 (a number instead of a JSON object):
dtid=z_3cd&cmd_0=onClick&uuid_0=jVAP1&data_0=9
Current Result
The response contains implementation details, delivered in a non-customizable way (using the 'alert' function).
There is no server-side option to configure the error handling in these cases, nor a practical way on the client side to customize the error display without overriding the 'alert' function globally.
{"rs":[["alert",["class java.lang.Integer cannot be cast to class java.util.Map (java.lang.Integer and java.util.Map are in module java.base of loader 'bootstrap')",null,null,true]]]}
Expected Result
Since this is a technical error, indicating either an implementation/framework error (not intended for end users) or, as in this case, manipulated request parameters, a technical error code is preferable (similar to 467: Request incomplete in case the dtid parameter is missing), with details logged at server side.
HTTP error codes can be handled at server side (error handler) or at client side in the AJAX error handler, to customize the appearance to the end user.
Debug Information
responseError method (used only 4 times within the file):
https://github.com/zkoss/zk/blob/v9.1.0/zk/src/org/zkoss/zk/au/http/DHtmlUpdateServlet.java#L727-L733
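
A regression check for the expected result above, as an added example that is not part of the original report or of ZK's code: it parses a /zkau response body in the format shown under Current Result and flags 'alert' messages that expose Java internals. The pattern list and the function names are assumptions made for this example.

```javascript
// Heuristic markers of server internals in a user-facing message
// (chosen for this example, not an exhaustive list).
const LEAK_PATTERNS = [
  { name: "java-fqcn", re: /\b(?:java|javax|jakarta|org|com)\.(?:[a-z_]\w*\.)+[A-Z]\w*/ },
  { name: "cast-error", re: /cannot be cast to/i },
  { name: "exception-name", re: /\b[A-Z]\w*(?:Exception|Error)\b/ },
  { name: "stack-frame", re: /\bat [\w.$]+\([\w.]+:\d+\)/ },
  { name: "classloader", re: /\bloader '[^']*'|\bin module [\w.]+/ },
];

// Collect every string nested in a command's argument list.
function collectStrings(value, out = []) {
  if (typeof value === "string") out.push(value);
  else if (Array.isArray(value)) value.forEach((v) => collectStrings(v, out));
  return out;
}

// Match one message against all patterns.
function scan(command, message) {
  return LEAK_PATTERNS.filter(({ re }) => re.test(message))
    .map(({ name }) => ({ command, pattern: name, message }));
}

// Returns [{ command, pattern, message }] for a /zkau response body.
// Non-JSON bodies (e.g. a container error page) are scanned as raw text.
function findLeaksInAuResponse(body) {
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch {
    return scan(null, body);
  }
  const commands = parsed && Array.isArray(parsed.rs) ? parsed.rs : [];
  return commands
    .filter((entry) => Array.isArray(entry) && entry[0] === "alert")
    .flatMap(([command, args]) => collectStrings(args).flatMap((m) => scan(command, m)));
}

// Response body quoted in this report.
const REPORTED = '{"rs":[["alert",["class java.lang.Integer cannot be cast to class java.util.Map (java.lang.Integer and java.util.Map are in module java.base of loader \'bootstrap\')",null,null,true]]]}';
// Constructed sample of an acceptable, generic message.
const GENERIC = '{"rs":[["alert",["The request could not be processed.",null,null,true]]]}';

console.log(findLeaksInAuResponse(REPORTED).map((f) => f.pattern));
console.log(findLeaksInAuResponse(GENERIC).length);
```

Run against responses to deliberately malformed AU requests, an empty result means no alert message matched the heuristics; it does not prove the absence of other disclosures.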