socketry
diff --git a/‎lib/protocol/http/cookie.rb‎
Lines changed: 45 additions & 34 deletions b/‎lib/protocol/http/cookie.rb‎
Lines changed: 45 additions & 34 deletions
diff --git a/‎lib/protocol/http/header/accept.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/protocol/http/header/accept.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/protocol/http/header/accept_charset.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/protocol/http/header/accept_charset.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/protocol/http/header/accept_encoding.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/protocol/http/header/accept_encoding.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/protocol/http/header/accept_language.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/protocol/http/header/accept_language.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/protocol/http/header/digest.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/protocol/http/header/digest.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/protocol/http/header/server_timing.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/protocol/http/header/server_timing.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/protocol/http/header/te.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/protocol/http/header/te.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/protocol/http/header/quoted_string.rb‎ renamed to ‎lib/protocol/http/quoted_string.rb‎
Lines changed: 11 additions & 13 deletions b/‎lib/protocol/http/header/quoted_string.rb‎ renamed to ‎lib/protocol/http/quoted_string.rb‎
Lines changed: 11 additions & 13 deletions
@@ -4,18 +4,37 @@
 # Copyright, 2019-2025, by Samuel Williams.
 # Copyright, 2022, by Herrick Fang.
 
-require_relative "url"
+require_relative "quoted_string"
 
 module Protocol
 	module HTTP
 		# Represents an individual cookie key-value pair.
 		class Cookie
+			# Valid cookie name characters according to RFC 6265.
+			# cookie-name = token (RFC 2616 defines token)
+			VALID_COOKIE_KEY = /\A#{TOKEN}\z/.freeze
+			
+			# Valid cookie value characters according to RFC 6265.
+			# cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
+			# cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
+			# Excludes control chars, whitespace, DQUOTE, comma, semicolon, and backslash
+			VALID_COOKIE_VALUE = /\A[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*\z/.freeze
+			
 			# Initialize the cookie with the given name, value, and directives.
 			#
-			# @parameter name [String] The name of the cookiel, e.g. "session_id".
+			# @parameter name [String] The name of the cookie, e.g. "session_id".
 			# @parameter value [String] The value of the cookie, e.g. "1234".
 			# @parameter directives [Hash] The directives of the cookie, e.g. `{"path" => "/"}`.
-			def initialize(name, value, directives)
+			# @raises [ArgumentError] If the name or value contains invalid characters.
+			def initialize(name, value, directives = nil)
+				unless VALID_COOKIE_KEY.match?(name)
+					raise ArgumentError, "Invalid cookie name: #{name.inspect}"
+				end
+				
+				if value && !VALID_COOKIE_VALUE.match?(value)
+					raise ArgumentError, "Invalid cookie value: #{value.inspect}"
+				end
+				
 				@name = name
 				@value = value
 				@directives = directives
@@ -30,41 +49,37 @@ def initialize(name, value, directives)
 			# @attribute [Hash] The directives of the cookie.
 			attr :directives
 
-			# Encode the name of the cookie.
-			def encoded_name
-				URL.escape(@name)
-			end
-			
-			# Encode the value of the cookie.
-			def encoded_value
-				URL.escape(@value)
+			# Encode a string for use in a cookie, escaping characters that are not allowed.
+			#
+			# @parameter string [String] The string to encode.
+			# @returns [String] The encoded string.
+			def self.encode(string)
+				string.b.gsub(/([^!#$%&'*+\-\.\/0-9A-Z\^_`a-z|~]+)/) do |match|
+					"%" + match.unpack("H2" * match.bytesize).join("%").upcase
+				end
 			end
 
 			# Convert the cookie to a string.
 			#
 			# @returns [String] The string representation of the cookie.
-			def to_s
-				buffer = String.new.b
-				
-				buffer << encoded_name << "=" << encoded_value
-				
-				if @directives
-					@directives.collect do |key, value|
-						buffer << ";"
-						
-						case value
-						when String
-							buffer << key << "=" << value
-						when TrueClass
-							buffer << key
-						end
+		def to_s
+			buffer = String.new
+			
+			buffer << @name << "=" << @value
+			
+			if @directives
+				@directives.each do |key, value|
+					buffer << ";"
+					buffer << key
+					
+					if value != true
+						buffer << "=" << value.to_s
 					end
 				end
-				
-				return buffer
 			end
 
-			# Parse a string into a cookie.
+			return buffer
+		end			# Parse a string into a cookie.
 			#
 			# @parameter string [String] The string to parse.
 			# @returns [Cookie] The parsed cookie.
@@ -74,11 +89,7 @@ def self.parse(string)
 				key, value = head.split("=", 2)
 				directives = self.parse_directives(directives)
 
-				self.new(
-					URL.unescape(key),
-					URL.unescape(value),
-					directives,
-				)
+				self.new(key, value, directives)
 			end
 
 			# Parse a list of strings into a hash of directives.
 
@@ -5,7 +5,7 @@
 # Copyright, 2025, by William T. Nelson.
 
 require_relative "split"
-require_relative "quoted_string"
+require_relative "../quoted_string"
 require_relative "../error"
 
 module Protocol
 
@@ -4,7 +4,7 @@
 # Copyright, 2025, by Samuel Williams.
 
 require_relative "split"
-require_relative "quoted_string"
+require_relative "../quoted_string"
 require_relative "../error"
 
 module Protocol
 
@@ -4,7 +4,7 @@
 # Copyright, 2025, by Samuel Williams.
 
 require_relative "split"
-require_relative "quoted_string"
+require_relative "../quoted_string"
 require_relative "../error"
 
 module Protocol
 
@@ -4,7 +4,7 @@
 # Copyright, 2025, by Samuel Williams.
 
 require_relative "split"
-require_relative "quoted_string"
+require_relative "../quoted_string"
 require_relative "../error"
 
 module Protocol
 
@@ -4,7 +4,7 @@
 # Copyright, 2025, by Samuel Williams.
 
 require_relative "split"
-require_relative "quoted_string"
+require_relative "../quoted_string"
 require_relative "../error"
 
 module Protocol
 
@@ -4,7 +4,7 @@
 # Copyright, 2025, by Samuel Williams.
 
 require_relative "split"
-require_relative "quoted_string"
+require_relative "../quoted_string"
 require_relative "../error"
 
 module Protocol
 
@@ -4,7 +4,7 @@
 # Copyright, 2025, by Samuel Williams.
 
 require_relative "split"
-require_relative "quoted_string"
+require_relative "../quoted_string"
 require_relative "../error"
 
 module Protocol
 
@@ -5,17 +5,16 @@
 
 module Protocol
 	module HTTP
-		module Header
-			# According to https://tools.ietf.org/html/rfc7231#appendix-C
-			TOKEN = /[!#$%&'*+\-.^_`|~0-9A-Z]+/i
-			
-			QUOTED_STRING = /"(?:.(?!(?<!\\)"))*.?"/
-			
-			# https://tools.ietf.org/html/rfc7231#section-5.3.1
-			QVALUE = /0(\.[0-9]{0,3})?|1(\.[0]{0,3})?/
-			
-			# Handling of HTTP quoted strings.
-			module QuotedString
+		# According to https://tools.ietf.org/html/rfc7231#appendix-C
+		TOKEN = /[!#$%&'*+\-.^_`|~0-9A-Z]+/i
+		
+		QUOTED_STRING = /"(?:.(?!(?<!\\)"))*.?"/
+		
+		# https://tools.ietf.org/html/rfc7231#section-5.3.1
+		QVALUE = /0(\.[0-9]{0,3})?|1(\.[0]{0,3})?/
+		
+		# Handling of HTTP quoted strings.
+		module QuotedString
 				# Unquote a "quoted-string" value according to <https://tools.ietf.org/html/rfc7230#section-3.2.6>. It should already match the QUOTED_STRING pattern above by the parser.
 				def self.unquote(value, normalize_whitespace = true)
 					value = value[1...-1]
@@ -41,9 +40,8 @@ def self.quote(value, force = false)
 						"\"#{value.gsub(/["\\]/, '\\\\\0')}\""
 					else
 						value
-					end
 				end
 			end
 		end
 	end
-end
+end