net/http: fix cookie value of "" being interpreted as empty string.

In issue #46443, we have established that double-quotes in cookie values
should be kept as part of the value, rather than being discarded.
However, we have missed the edge case of "" until now. This CL fixes
said edge case.

Fixes #75244

Change-Id: I627ad2376931514aa5dcc8961ad804e42b7d9434
Reviewed-on: https://go-review.googlesource.com/c/go/+/700755
Reviewed-by: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Nicholas Husin <husin@google.com>
Reviewed-by: Damien Neil <dneil@google.com>

diff --git a/src/net/http/cookie.go b/src/net/http/cookie.go
index 408fe88452b37afb097bbf1fc3e9ddf5956f5b16..efe6cc3e77e5b5776569cabdf1e118714eab884c 100644 (file)
--- a/src/net/http/cookie.go
+++ b/src/net/http/cookie.go
@@ -459,9 +459,6 @@ func sanitizeCookieName(n string) string {
 // See https://golang.org/issue/7243 for the discussion.
 func sanitizeCookieValue(v string, quoted bool) string {
        v = sanitizeOrWarn("Cookie.Value", validCookieValueByte, v)
-       if len(v) == 0 {
-               return v
-       }
        if strings.ContainsAny(v, " ,") || quoted {
                return `"` + v + `"`
        }

diff --git a/src/net/http/cookie_test.go b/src/net/http/cookie_test.go
index aac69563624fcde46e66bfd5e7816b8cc67b1736..8db4957b2cc37daae08e9a7063da673a2a8e0720 100644 (file)
--- a/src/net/http/cookie_test.go
+++ b/src/net/http/cookie_test.go
@@ -530,6 +530,7 @@ func TestCookieSanitizeValue(t *testing.T) {
                {"a,z", false, `"a,z"`},
                {",z", false, `",z"`},
                {"a,", false, `"a,"`},
+               {"", true, `""`},
        }
        for _, tt := range tests {
                if got := sanitizeCookieValue(tt.in, tt.quoted); got != tt.want {