Search templates provide an easy way to add search functionality backed by an Elasticsearch index. They are also pretty secure – unless you accidentally use insecure syntax and open up your data to injection attacks. Invicti security researcher Sven Morgenroth shows where the dangers are and how to avoid them.