Hi there,
I've implemented a basic search backed by an ES cluster. In a code review, my colleague asked if there was the possibility of a NoSQL injection attack. I assume that the QueryBuilder protected against injection attacks but that's not explicit in the documentation. Is it best practice to filter user-supplied query terms before using a QueryBuilder, or to rely on QueryBuilder's protection?
I'm using 5.5.1.
Thanks,
Greg