eirk You mean that they do show the punycode by default instead of rendering the IDN? Well it seems like they sometimes show punycode instead of rendering it depending on your locale settings and what kind of characters are inside the domain name.
Because for me, all websites with IDNs I use are rendering the domain name in both Firefox and Chrome without me having changed any settings. That‘s also what is explained on the Wiki page you linked above. For example it says on Firefox:
„ Mozilla Firefox versions 22 and later display IDNs if either the TLD prevents homograph attacks by restricting which characters can be used in domain names or labels do not mix scripts for different languages. Otherwise IDNs are displayed in Punycode“
https://wiki.mozilla.org/IDN_Display_Algorithm
And don‘t forget about the attacks possible by always only showing the punycode version. I don‘t think that either „always render every domain“ and „always show punycode“ are best for security. Yes, we rather don’t want „adoḅe.com“ to be rendered as such, but if we always show only punycode, that makes „düsseldorf.de“ and „dässeldorf.de“ only distinguishable by looking at the weird numbers at the end, even though normally they‘re quite visually distinct.
https://gerv.net/hacking/idn/faq.html
Implementing support for one or multiple of the restriction levels from TR39 might be a good idea: http://www.unicode.org/reports/tr39/#Restriction_Level_Detection
As for libraries, the GNU project has one licensed as LGPL with TR46 support: http://www.gnu.org/software/libidn/#libidn2
„Libidn2 is believed to be a complete IDNA2008 / TR46 implementation“
It is used by wget and curl but I haven‘t personally tested it myself.