diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 874077b..4c82ae6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,6 +6,9 @@ on:
 pull_request:
 branches: [main]
+permissions:
+ contents: read
+
 jobs:
 lint:
 runs-on: ubuntu-latest
diff --git a/lib/mpp/parsing.rb b/lib/mpp/parsing.rb
index ce1b137..73c0548 100644
--- a/lib/mpp/parsing.rb
+++ b/lib/mpp/parsing.rb
@@ -12,7 +12,7 @@ module Parsing
 MAX_HEADER_PAYLOAD_SIZE = T.let(16 * 1024, Integer)
 # RFC 9110 auth-param regex: key="value" or key=token
- AUTH_PARAM_RE = /([a-zA-Z_][\w-]*)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))/
+ AUTH_PARAM_RE = /([a-zA-Z_][\w-]*+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]++))/
 module_function
@@ -43,7 +43,7 @@ def b64_decode(encoded)
 def escape_quoted(str)
 Kernel.raise Mpp::ParseError, "Header value contains invalid CRLF characters" if str.include?("\r") || str.include?("\n")
- str.gsub("\\", "\\\\\\\\").gsub('"', '\\"')
+ str.gsub(/[\\"]/) { |c| "\\#{c}" }
 end
 # Unescape a quoted-string value.
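Review bot: The possessive quantifiers on `AUTH_PARAM_RE` stop backtracking inside the key and token runs, but they do not bound the total work when the pattern is applied repeatedly over one long input. A long run of key characters with no `=` is still re-scanned from each start offset, so the cost can remain quadratic in the header length. The call sites are outside this hunk, so I cannot tell whether the header is length-checked before matching; if it is not, cap the input first or set `Regexp.timeout` (Ruby 3.2+). I would also add a comment above the constant, for example `# *+ and ++ are possessive: no backtracking into the key or token run (ReDoS hardening)`, so the quantifiers are not simplified away later.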
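Review bot: The guard at the top of `escape_quoted` rejects only CR and LF, so other control characters (NUL, DEL, the rest of the C0 range) are still escaped and emitted inside the quoted-string, which RFC 9110 does not allow in either qdtext or quoted-pair. Consider widening the check to `if str.match?(/[\x00-\x08\x0A-\x1F\x7F]/)`, which keeps HTAB legal, and adjusting the message to say "control characters". Separately, the new single-pass `gsub(/[\\"]/) { |c| "\\#{c}" }` uses a regex where the old code used string patterns, so a value with an invalid byte sequence may now raise `ArgumentError` instead of `Mpp::ParseError`. A test with a non-UTF-8 input would confirm whether that matters for callers.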