The decision to allow url-decode to return nil for improperly encoded strings (instead of throwing an exception) now means that cookie handling needs to accomodate this newly-endorsed return value.
Frankly, I think raising an exception was the right behavior, but since nil is now a valid return value, the normalize-quoted-strs function now fails with an NPE if any cookie value cannot be decoded.
The decision to allow url-decode to return nil for improperly encoded strings (instead of throwing an exception) now means that cookie handling needs to accomodate this newly-endorsed return value.
Frankly, I think raising an exception was the right behavior, but since nil is now a valid return value, the normalize-quoted-strs function now fails with an NPE if any cookie value cannot be decoded.