diff --git a/http2.d b/http2.d
index e024aee..f925712 100644
--- a/http2.d
+++ b/http2.d
@@ -756,7 +756,7 @@ class HttpRequest {
 		if(requestParameters.userAgent.length)
 			headers ~= "User-Agent: "~requestParameters.userAgent~"\r\n";
 		if(requestParameters.authorization.length)
-			headers ~= "User-Agent: "~requestParameters.authorization~"\r\n";
+			headers ~= "Authorization: "~requestParameters.authorization~"\r\n";
 		if(requestParameters.bodyData.length)
 			headers ~= "Content-Length: "~to!string(requestParameters.bodyData.length)~"\r\n";
 
diff --git a/script.d b/script.d
index c28a0e1..267a60c 100644
--- a/script.d
+++ b/script.d
@@ -352,17 +352,39 @@ class TokenStream(TextStream) {
 				token.type = ScriptToken.Type.string;
 				int pos = 1; // skip the opening "
 				bool escaped = false;
+				bool mustCopy = false;
 				// FIXME: escaping doesn't do the right thing lol. we should slice if we can, copy if not
 				while(pos < text.length && (escaped || text[pos] != '"')) {
-					if(escaped)
+					if(escaped) {
+						mustCopy = true;
 						escaped = false;
-					else
+					} else
 						if(text[pos] == '\\')
 							escaped = true;
 					pos++;
 				}
 
-				token.str = text[1 .. pos];
+				if(mustCopy) {
+					// there must be something escaped in there, so we need
+					// to copy it and properly handle those cases
+					string copy;
+					copy.reserve(pos);
+
+					escaped = false;
+					foreach(dchar ch; text[1 .. pos]) {
+						if(escaped)
+							escaped = false;
+						else if(ch == '\\') {
+							escaped = true;
+							continue;
+						}
+						copy ~= ch;
+					}
+
+					token.str = copy;
+				} else {
+					token.str = text[1 .. pos];
+				}
 				advance(pos + 1); // skip the closing " too
 			} else {
 				// let's check all symbols