How to Make a Spider Trap with SvelteKit
Welcome to this handy guide and demonstration! I'm glad you were able to find this hidden link. Unless of course, you are a bot, in which case, welcome to hell.
There are four main types of spider traps all of which SvelteKit does a good job of mitigating: Expanding URL Traps, Mix & Match Traps, Calender Traps, and Session ID Traps.
# Expanding URL Traps
Expanding URL traps are created when a site routes multiple URLs to the same page. Often this happens because a part of the URL is ignored by the router. SvelteKit is resilient to these kinds of traps thanks to its folder based router, but one can still be created when wildcard url slugs are used. These are the smallest traps since they will quickly exceed the maximum URL length.
# Mix & Match Traps
Mix & Match traps are created when multiple URL parameters can each hold a number of values. These combine to create asstonishing numbers of pages, even with few options. SvelteKit is neither strong nor weak when it comes to this type of trap.
# Calender Traps
Calender traps are very common, and are easy to create in SvelteKit. They are created when a URL parameter is used but can be incremented/decremented indefinitely. They are called Calender traps because the prototypical example of this trap is a calender where the date changes are links. The size of this trap is generally smaller than a Mix & Match but bigger than an Expanding URL.
# Session ID Traps
Session ID traps are a category of spider traps characterized by a query paramter that gets tacked onto every page, traditionally to track a session. SvelteKit is pretty resilient to these since it handles session data natively. These types of traps are also easy to avoid by using cookies or local storage. However, Session ID traps are also the most devastating. When one is created it, multiples the current site size by the maximum session ID. This includes any existing spider traps that may already be quite large.