Don't Do It
James Holderness has an excellent post on encoding RSS titles. I don't see any links to the test feed he describes, though it seems straightforward to recreate them. I was disappointed to see that NewsGator fails one test, though if you're grading on a curve, NewsGator did pretty well compared to some other aggregators. I disagree with James' conclusion, though.
Perhaps the only solution, barring a miraculous change of policy on the part of certain browser authors, is to just use both.
Please, don't do take James' advice. User-Agent sniffing is probably the worst possible solution, from an aggregator developer's perspective. Sweeping bugs under the carpet ultimately helps no one.
— Gordon Weakliem at permanent link
The State of Cookie-Based Authentication
Mark Nottingham examines the state of cookie based authentication of syndicated feeds, and it appears that very few aggregators support this. As a developer one has to ask a few questions before implementing this. Which cookies are significant when supporting cookie-based authentication? Clearly, you can't know this answer a priori, so either your aggregator works for only a some feeds, or it accepts any cookie. If an aggregator accepts arbitrary cookies, what other "features" is it supporting? If these features are in fact found to be undesirable, should aggregators include full cookie management interfaces the way that browsers commonly do? Should aggregators explicitly allow users to disable cookies for all feeds, or specific feeds? I believe the answer is yes to all those questions. So, I'm curious, of the browsers that pass Mark's test, how many support this level of cookie management?
The fact is that HTTP Basic and Digest authentication are much more widely supported by aggregators in general. Given that, and given the attendant loss of control with cookies, what's the advantage with cookie-based authentication? It seems to me to be more of a question of opening a lot of other headaches to redundantly support an existing feature.