socketry
diff --git a/‎lib/protocol/http/cookie.rb‎
Lines changed: 38 additions & 27 deletions b/‎lib/protocol/http/cookie.rb‎
Lines changed: 38 additions & 27 deletions
diff --git a/‎lib/protocol/http/header/accept.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/protocol/http/header/accept.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/protocol/http/header/accept_charset.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/protocol/http/header/accept_charset.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/protocol/http/header/accept_encoding.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/protocol/http/header/accept_encoding.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/protocol/http/header/accept_language.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/protocol/http/header/accept_language.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/protocol/http/header/digest.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/protocol/http/header/digest.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/protocol/http/header/quoted_string.rb‎
Lines changed: 0 additions & 49 deletions b/‎lib/protocol/http/header/quoted_string.rb‎
Lines changed: 0 additions & 49 deletions
diff --git a/‎lib/protocol/http/header/server_timing.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/protocol/http/header/server_timing.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/protocol/http/header/te.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/protocol/http/header/te.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/protocol/http/quoted_string.rb‎
Lines changed: 47 additions & 0 deletions b/‎lib/protocol/http/quoted_string.rb‎
Lines changed: 47 additions & 0 deletions
@@ -4,18 +4,37 @@
 # Copyright, 2019-2025, by Samuel Williams.
 # Copyright, 2022, by Herrick Fang.
 
-require_relative "url"
+require_relative "quoted_string"
 
 module Protocol
 	module HTTP
 		# Represents an individual cookie key-value pair.
 		class Cookie
+			# Valid cookie name characters according to RFC 6265.
+			# cookie-name = token (RFC 2616 defines token)
+			VALID_COOKIE_KEY = /\A#{TOKEN}\z/.freeze
+			
+			# Valid cookie value characters according to RFC 6265.
+			# cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
+			# cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
+			# Excludes control chars, whitespace, DQUOTE, comma, semicolon, and backslash
+			VALID_COOKIE_VALUE = /\A[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*\z/.freeze
+			
 			# Initialize the cookie with the given name, value, and directives.
 			#
-			# @parameter name [String] The name of the cookiel, e.g. "session_id".
+			# @parameter name [String] The name of the cookie, e.g. "session_id".
 			# @parameter value [String] The value of the cookie, e.g. "1234".
 			# @parameter directives [Hash] The directives of the cookie, e.g. `{"path" => "/"}`.
-			def initialize(name, value, directives)
+			# @raises [ArgumentError] If the name or value contains invalid characters.
+			def initialize(name, value, directives = nil)
+				unless VALID_COOKIE_KEY.match?(name)
+					raise ArgumentError, "Invalid cookie name: #{name.inspect}"
+				end
+				
+				if value && !VALID_COOKIE_VALUE.match?(value)
+					raise ArgumentError, "Invalid cookie value: #{value.inspect}"
+				end
+				
 				@name = name
 				@value = value
 				@directives = directives
@@ -30,41 +49,37 @@ def initialize(name, value, directives)
 			# @attribute [Hash] The directives of the cookie.
 			attr :directives
 
-			# Encode the name of the cookie.
-			def encoded_name
-				URL.escape(@name)
-			end
-			
-			# Encode the value of the cookie.
-			def encoded_value
-				URL.escape(@value)
+			# Encode a string for use in a cookie, escaping characters that are not allowed.
+			#
+			# @parameter string [String] The string to encode.
+			# @returns [String] The encoded string.
+			def self.encode(string)
+				string.b.gsub(/([^!#$%&'*+\-\.\/0-9A-Z\^_`a-z|~]+)/) do |match|
+					"%" + match.unpack("H2" * match.bytesize).join("%").upcase
+				end
 			end
 
 			# Convert the cookie to a string.
 			#
 			# @returns [String] The string representation of the cookie.
 			def to_s
-				buffer = String.new.b
+				buffer = String.new
 
-				buffer << encoded_name << "=" << encoded_value
+				buffer << @name << "=" << @value
 
 				if @directives
-					@directives.collect do |key, value|
+					@directives.each do |key, value|
 						buffer << ";"
+						buffer << key
 
-						case value
-						when String
-							buffer << key << "=" << value
-						when TrueClass
-							buffer << key
+						if value != true
+							buffer << "=" << value.to_s
 						end
 					end
 				end
 
 				return buffer
-			end
-			
-			# Parse a string into a cookie.
+			end			# Parse a string into a cookie.
 			#
 			# @parameter string [String] The string to parse.
 			# @returns [Cookie] The parsed cookie.
@@ -74,11 +89,7 @@ def self.parse(string)
 				key, value = head.split("=", 2)
 				directives = self.parse_directives(directives)
 
-				self.new(
-					URL.unescape(key),
-					URL.unescape(value),
-					directives,
-				)
+				self.new(key, value, directives)
 			end
 
 			# Parse a list of strings into a hash of directives.
 
@@ -5,7 +5,7 @@
 # Copyright, 2025, by William T. Nelson.
 
 require_relative "split"
-require_relative "quoted_string"
+require_relative "../quoted_string"
 require_relative "../error"
 
 module Protocol
 
@@ -4,7 +4,7 @@
 # Copyright, 2025, by Samuel Williams.
 
 require_relative "split"
-require_relative "quoted_string"
+require_relative "../quoted_string"
 require_relative "../error"
 
 module Protocol
 
@@ -4,7 +4,7 @@
 # Copyright, 2025, by Samuel Williams.
 
 require_relative "split"
-require_relative "quoted_string"
+require_relative "../quoted_string"
 require_relative "../error"
 
 module Protocol
 
@@ -4,7 +4,7 @@
 # Copyright, 2025, by Samuel Williams.
 
 require_relative "split"
-require_relative "quoted_string"
+require_relative "../quoted_string"
 require_relative "../error"
 
 module Protocol
 
@@ -4,7 +4,7 @@
 # Copyright, 2025, by Samuel Williams.
 
 require_relative "split"
-require_relative "quoted_string"
+require_relative "../quoted_string"
 require_relative "../error"
 
 module Protocol
 
@@ -4,7 +4,7 @@
 # Copyright, 2025, by Samuel Williams.
 
 require_relative "split"
-require_relative "quoted_string"
+require_relative "../quoted_string"
 require_relative "../error"
 
 module Protocol
 
@@ -4,7 +4,7 @@
 # Copyright, 2025, by Samuel Williams.
 
 require_relative "split"
-require_relative "quoted_string"
+require_relative "../quoted_string"
 require_relative "../error"
 
 module Protocol
 
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2025, by Samuel Williams.
+
+module Protocol
+	module HTTP
+		# According to https://tools.ietf.org/html/rfc7231#appendix-C
+		TOKEN = /[!#$%&'*+\-.^_`|~0-9A-Z]+/i
+		
+		QUOTED_STRING = /"(?:.(?!(?<!\\)"))*.?"/
+		
+		# https://tools.ietf.org/html/rfc7231#section-5.3.1
+		QVALUE = /0(\.[0-9]{0,3})?|1(\.[0]{0,3})?/
+		
+		# Handling of HTTP quoted strings.
+		module QuotedString
+			# Unquote a "quoted-string" value according to <https://tools.ietf.org/html/rfc7230#section-3.2.6>. It should already match the QUOTED_STRING pattern above by the parser.
+			def self.unquote(value, normalize_whitespace = true)
+				value = value[1...-1]
+				
+				value.gsub!(/\\(.)/, '\1')
+				
+				if normalize_whitespace
+					# LWS = [CRLF] 1*( SP | HT )
+					value.gsub!(/[\r\n]+\s+/, " ")
+				end
+				
+				return value
+			end
+			
+			QUOTES_REQUIRED = /[()<>@,;:\\"\/\[\]?={} \t]/
+			
+			# Quote a string for HTTP header values if required.
+			#
+			# @raises [ArgumentError] if the value contains invalid characters like control characters or newlines.
+			def self.quote(value, force = false)
+				# Check if quoting is required:
+				if value =~ QUOTES_REQUIRED or force
+					"\"#{value.gsub(/["\\]/, '\\\\\0')}\""
+				else
+					value
+				end
+			end
+		end
+	end
+end