net/http: fix cookie value of "" being interpreted as empty string.

In issue #46443, we have established that double-quotes in cookie values should be kept as part of the value, rather than being discarded. However, we have missed the edge case of "" until now. This CL fixes said edge case. Fixes #75244 Change-Id: I627ad2376931514aa5dcc8961ad804e42b7d9434 Reviewed-on: https://go-review.googlesource.com/c/go/+/700755 Reviewed-by: Nicholas Husin <husin@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Nicholas Husin <husin@google.com> Reviewed-by: Damien Neil <dneil@google.com>
2025-10-19 11:03:18 +00:00 · 2025-09-03 14:25:59 -04:00 · 2025-09-03 14:25:59 -04:00 · 9d0829963c
commit 9d0829963c
parent ddce0522be
2 changed files with 1 additions and 3 deletions
--- a/src/net/http/cookie.go
+++ b/src/net/http/cookie.go
@ -459,9 +459,6 @@ func sanitizeCookieName(n string) string {
 // See https://golang.org/issue/7243 for the discussion.
 func sanitizeCookieValue(v string, quoted bool) string {
 	v = sanitizeOrWarn("Cookie.Value", validCookieValueByte, v)
-	if len(v) == 0 {
-		return v
-	}
 	if strings.ContainsAny(v, " ,") || quoted {
 		return `"` + v + `"`
 	}
--- a/src/net/http/cookie_test.go
+++ b/src/net/http/cookie_test.go
@ -530,6 +530,7 @@ func TestCookieSanitizeValue(t *testing.T) {
 		{"a,z", false, `"a,z"`},
 		{",z", false, `",z"`},
 		{"a,", false, `"a,"`},
+		{"", true, `""`},
 	}
 	for _, tt := range tests {
 		if got := sanitizeCookieValue(tt.in, tt.quoted); got != tt.want {