Building dynamic ES queries without parameters feels totally wrong. For example:
```
GET dev/_search
{
  "aggs": {
    "suggestions": {
      "terms": {
        "field": "report.tech.pkgs_kw.k.keyword",
        "include": "mon.*"
      }
    }
  },
  "size": 0
}
```
where `"include": "mon.*"` is a dynamic field filled with user input. It allows regex, so it has to be thoroughly validated and escaped.
There should be a way of doing it via params like in SQL.
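
An added example (not part of the original issue or the project's code): one way to build the request above in Python so that the user's text is escaped as a regex literal and the body is produced by `json.dumps` instead of string concatenation. The function names, the 64-character limit and the sample inputs are assumptions of this sketch.

```python
import json

# Characters reserved in Elasticsearch (Lucene) regexp syntax, including the
# optional operators (# @ & < > ~) that may be enabled for a regexp.
RESERVED = set('.?+*|{}[]()"\\#@&<>~')
MAX_PREFIX_LEN = 64  # assumed limit for this example
FIELD = "report.tech.pkgs_kw.k.keyword"  # field name taken from the issue


def escape_regex_literal(text: str) -> str:
    """Backslash-escape every reserved character so `text` matches literally."""
    return "".join("\\" + ch if ch in RESERVED else ch for ch in text)


def build_suggestion_query(user_prefix: str, field: str = FIELD) -> dict:
    """Return the terms-aggregation body with the user's text as a literal prefix."""
    if not user_prefix or len(user_prefix) > MAX_PREFIX_LEN:
        raise ValueError(f"prefix must be 1..{MAX_PREFIX_LEN} characters")
    if any(ord(ch) < 0x20 for ch in user_prefix):
        raise ValueError("control characters are not allowed")
    return {
        "aggs": {
            "suggestions": {
                "terms": {
                    "field": field,
                    # Only the trailing ".*" is regex; the rest is literal.
                    "include": escape_regex_literal(user_prefix) + ".*",
                }
            }
        },
        "size": 0,
    }


def to_request_body(user_prefix: str) -> str:
    """Serialize with json.dumps so quotes and backslashes are JSON-escaped."""
    return json.dumps(build_suggestion_query(user_prefix))


if __name__ == "__main__":
    # Constructed sample inputs: a plain prefix and one full of metacharacters.
    for sample in ("mon", "a|b.*", 'x"y'):
        print(to_request_body(sample))
```
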