canonicalize_url isn't handling some crucial cases

Open sibiryakov opened this issue 7 years ago • 5 comments

  • removal of userinfo
  • dots and slashes in path and hostname
  • spaces succeeding and preceding the URL
  • common session id variables and their values
  • ip v6 canonicalization

Useful links: https://developers.google.com/safe-browsing/v4/urls-hashing https://github.com/iipc/urlcanon/blob/master/python/urlcanon/canon.py#L530

sibiryakov avatar Jun 22 '18 13:06 sibiryakov

Nice links, thanks!

removal of userinfo

What does it mean? username/password?

dots and slashes in path and hostname

Could you please give an example? What's wrong with e.g. dots in hostname?

spaces succeeding and preceding the URL

Arguably this is an issue with link extraction, not with canonicalization. URLs shouldn't have such whitespaces. See also: https://github.com/scrapy/scrapy/issues/1614.

common session id variables and their values

This would be a very good feature to have, but we can't just blindly strip some known session_id parameter names and values by default. See also: https://github.com/scrapy/scrapy/issues/1560.

ip v6 canonicalization

a good call.

kmike avatar Jun 22 '18 13:06 kmike

WRT the session variables, it may be worth considering also the Google Analytics etc. URL params, like "utm_source"; those attributes will be added by lots of websites and social media tools to all outbound URLs and could probably be safely stripped during canonicalisation.

cathalgarvey avatar Jun 22 '18 14:06 cathalgarvey

yes, userinfo is username and password.

Could you please give an example? What's wrong with e.g. dots in hostname?

google.com.

obviously these are task-dependent issues, but there is no mechanism to enable such behaviour.

sibiryakov avatar Jun 22 '18 15:06 sibiryakov

those attributes will be added by lots of websites and social media tools to all outbound URLs and could probably be safely stripped during canonicalisation.

I don't quite like doing this all by default without an option to turn it off. So the main question for now is how to make this behavior overridable, so that users can implement such rules themselves, without having to modify w3lib or scrapy. We can also provide something by default, but I think it should be a next step, and a separate task.

obviously these are task-dependent issues, but there is no mechanism to enable such behaviour.

Yep, it is discussed in https://github.com/scrapy/scrapy/issues/1560. Changing canonicalize_url to do these actions is not enough; there should be a mechanism in Scrapy to enable it, and it also should be customizable. This part of the ticket is a duplicate of https://github.com/scrapy/scrapy/issues/1560; it is probably better to keep discussion of this feature there. The problem is known, but there was no concrete proposal on how to fix it so far.

kmike avatar Jun 22 '18 16:06 kmike

yes, userinfo is username and password.

Is it a real issue in practice? I understand why it can help, but I can also see how it can break some of the use cases if https://github.com/scrapy/scrapy/pull/1466 gets merged, if we do it by default.

kmike avatar Jun 22 '18 16:06 kmike
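
The cases raised in this thread, written as opt-in rules so that nothing is stripped unless the caller asks for it. This is an added example, not part of the thread and not w3lib code: the function `canonicalize` and its parameter names are hypothetical, it uses only the Python standard library, and the sample URLs in the comments are constructed.

```python
import ipaddress
import posixpath
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def canonicalize(url, strip_userinfo=False, strip_params=frozenset(),
                 normalize_host=False, normalize_path=False):
    """Hypothetical opt-in canonicalizer. With no options set it only trims
    surrounding whitespace, lowercases the host, sorts the query and drops
    the fragment."""
    parts = urlsplit(url.strip())           # spaces before/after the URL
    host = parts.hostname or ""             # already lowercased, no brackets
    if normalize_host:
        host = host.rstrip(".")             # google.com. -> google.com
        try:                                # 2001:db8:0:0:0:0:0:1 -> 2001:db8::1
            host = ipaddress.IPv6Address(host).compressed
        except ValueError:
            pass                            # not an IPv6 literal
    if ":" in host:
        host = "[" + host + "]"             # IPv6 literals need brackets
    netloc = host
    if parts.port is not None:
        netloc += ":%d" % parts.port
    if parts.username is not None and not strip_userinfo:
        userinfo = parts.username
        if parts.password is not None:
            userinfo += ":" + parts.password
        netloc = userinfo + "@" + netloc    # kept unless the caller opts out
    path = parts.path
    if normalize_path and path:
        # Resolves "." and ".." segments and collapses repeated slashes.
        keep_slash = path.endswith(("/", "/.", "/.."))
        path = "/" + posixpath.normpath(path).lstrip("/")
        if keep_slash and path != "/":
            path += "/"
    # The caller supplies the session/tracking names; none are built in.
    pairs = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k not in strip_params]
    return urlunsplit((parts.scheme, netloc, path, urlencode(sorted(pairs)), ""))
```
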