The lesson here seems to be "if you have to use blacklists, and you use unicode strings for those blacklists, also make sure the string you compare with doesn't have surrogates". //Lennart