net/http: update sanitizeCookieValue description

Commit 8f6d68eb (CL 37328) changed the code of sanitizeCookieValue without updating its description.

Change-Id: Ib4a1a1f316548258b828458a31b09706bbd59b53
GitHub-Last-Rev: 9731494e17
GitHub-Pull-Request: golang/go#34790
Reviewed-on: https://go-review.googlesource.com/c/go/+/200041
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

src/net/http/cookie.go

@@ -353,6 +353,7 @@ func sanitizeCookieName(n string) string {
 	return cookieNameSanitizer.Replace(n)
 }
 
+// sanitizeCookieValue produces a suitable cookie-value from v.
 // https://tools.ietf.org/html/rfc6265#section-4.1.1
 // cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
 // cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
@@ -360,8 +361,8 @@ func sanitizeCookieName(n string) string {
 //           ; whitespace DQUOTE, comma, semicolon,
 //           ; and backslash
 // We loosen this as spaces and commas are common in cookie values
-// but we produce a quoted cookie-value in when value starts or ends
+// but we produce a quoted cookie-value if and only if v contains
-// with a comma or space.
+// commas or spaces.
 // See https://golang.org/issue/7243 for the discussion.
 func sanitizeCookieValue(v string) string {
 	v = sanitizeOrWarn("Cookie.Value", validCookieValueByte, v)