net/http: fix cookie value of "" being interpreted as empty string.

In issue #46443, we have established that double-quotes in cookie values
should be kept as part of the value, rather than being discarded.
However, we have missed the edge case of "" until now. This CL fixes
said edge case.

Fixes #75244

Change-Id: I627ad2376931514aa5dcc8961ad804e42b7d9434
Reviewed-on: https://go-review.googlesource.com/c/go/+/700755
Reviewed-by: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Nicholas Husin <husin@google.com>
Reviewed-by: Damien Neil <dneil@google.com>

2 files changed, 1 insertions, 3 deletions

diff --git a/src/net/http/cookie.go b/src/net/http/cookie.go
index 408fe88452..efe6cc3e77 100644
--- a/src/net/http/cookie.go
+++ b/src/net/http/cookie.go
@@ -459,9 +459,6 @@ func sanitizeCookieName(n string) string {
 // See https://golang.org/issue/7243 for the discussion.
 func sanitizeCookieValue(v string, quoted bool) string {
 	v = sanitizeOrWarn("Cookie.Value", validCookieValueByte, v)
-	if len(v) == 0 {
-		return v
-	}
 	if strings.ContainsAny(v, " ,") || quoted {
 		return `"` + v + `"`
 	}
diff --git a/src/net/http/cookie_test.go b/src/net/http/cookie_test.go
index aac6956362..8db4957b2c 100644
--- a/src/net/http/cookie_test.go
+++ b/src/net/http/cookie_test.go
@@ -530,6 +530,7 @@ func TestCookieSanitizeValue(t *testing.T) {
 		{"a,z", false, `"a,z"`},
 		{",z", false, `",z"`},
 		{"a,", false, `"a,"`},
+		{"", true, `""`},
 	}
 	for _, tt := range tests {
 		if got := sanitizeCookieValue(tt.in, tt.quoted); got != tt.want {