Incidentally, I posted the previous post about the IDN vulnerability from BloGTK on my Linux box, and I cut-and-pasted the Unicode “a” from Firefox from the original advisory into that BloGTK window. That Unicode “a” made it from Firefox, into BloGTK, over the XML-RPC wire to kryogenix.org, into a file, then back out of a file into this weblog post. I was utterly, utterly convinced that it wouldn’t work and it’d say “pH6;sd98ypal.com” or something. I must have got it all right somewhere.
The Official Kryogenix.org Unicode Policy is “everywhere and every time anything at all asks you about ‘encoding’ or anything like that, say ‘UTF-8‘“. This lacks rigour when you compare it with Joel Spolsky’s Unicode primer but, well, it worked. That’ll do, pig, that’ll do.