Escape all the values when appending them to the Entity Caps verification str. xmlnode_get_attrib and xmlnode_get_data unescape what they return. Thanks to Tobias and Waqas. This will still fail to validate if the other side uses entity codes (or uses other entities unnecessarily), but that should be dealt with as a hash failure instead of a collision. (10:12:11) Tobias: [18:48:43] <waqas> <identity category='client' type='pc' name='SomeClient'/><feature var='http://jabber.org/protocol/muc'/> turns into 'client/pc//SomeClient<http://jabber.org/protocol/caps<' but so does <identity category='client' type='pc' name='SomeClient&lt;http://jabber.org/protocol/caps'/>, which is a collision, right?

--- a/ChangeLog.API	Fri May 01 22:40:41 2009 +0000
+++ b/ChangeLog.API	Sat May 02 01:26:18 2009 +0000
@@ -27,6 +27,7 @@
 		* purple_connection_set_protocol_data
 		* purple_contact_destroy
 		* purple_conv_chat_invite_user
+		* purple_escape_html
 		* purple_global_proxy_set_info
 		* purple_group_destroy
 		* purple_log_get_activity_score