Escape attribute values when building link headers

src/cow_link.erl

@@ -363,10 +363,15 @@ do_link(#{target := TargetURI, rel := Rel, attributes := Params}) ->
 	[
 		$<, TargetURI, <<">"
 		"; rel=\"">>, Rel, $",
-		[[<<"; ">>, Key, <<"=\"">>, Value, $"]
+		[[<<"; ">>, Key, <<"=\"">>, escape(Value, <<>>), $"]
 			|| {Key, Value} <- Params]
 	].
 
+escape(<<>>, Acc) -> Acc;
+escape(<<$\\,R/bits>>, Acc) -> escape(R, <<Acc/binary,$\\,$\\>>);
+escape(<<$\",R/bits>>, Acc) -> escape(R, <<Acc/binary,$\\,$\">>);
+escape(<<C,R/bits>>, Acc) -> escape(R, <<Acc/binary,C>>).
+
 -ifdef(TEST).
 link_test_() ->
 	Tests = [
@@ -420,6 +425,15 @@ link_test_() ->
 				rel => <<"index">>,
 				attributes => []
 			}
+		]},
+		{<<"</>; rel=\"previous\"; quoted=\"name=\\\"value\\\"\"">>, [
+			#{
+				target => <<"/">>,
+				rel => <<"previous">>,
+				attributes => [
+					{<<"quoted">>, <<"name=\"value\"">>}
+				]
+			}
 		]}
 	],
 	[{iolist_to_binary(io_lib:format("~0p", [V])),