diff --git a/src/main/java/org/elasticsearch/script/groovy/GroovySandboxExpressionChecker.java b/src/main/java/org/elasticsearch/script/groovy/GroovySandboxExpressionChecker.java
index 6cd59d63c1d..aa7ca8db65c 100644
--- a/src/main/java/org/elasticsearch/script/groovy/GroovySandboxExpressionChecker.java
+++ b/src/main/java/org/elasticsearch/script/groovy/GroovySandboxExpressionChecker.java
@@ -21,10 +21,7 @@ package org.elasticsearch.script.groovy;
 
 import com.google.common.collect.ImmutableSet;
 import org.codehaus.groovy.ast.ClassNode;
-import org.codehaus.groovy.ast.expr.ConstructorCallExpression;
-import org.codehaus.groovy.ast.expr.Expression;
-import org.codehaus.groovy.ast.expr.GStringExpression;
-import org.codehaus.groovy.ast.expr.MethodCallExpression;
+import org.codehaus.groovy.ast.expr.*;
 import org.codehaus.groovy.control.customizers.SecureASTCustomizer;
 import org.elasticsearch.common.settings.Settings;
 
@@ -68,6 +65,7 @@ public class GroovySandboxExpressionChecker implements SecureASTCustomizer.Expre
             "wait",
             "notify",
             "notifyAll",
+            "invokeMethod",
             "finalize"
     };
 
@@ -120,7 +118,9 @@ public class GroovySandboxExpressionChecker implements SecureASTCustomizer.Expre
      */
     @Override
     public boolean isAuthorized(Expression expression) {
-        if (expression instanceof MethodCallExpression) {
+        if (expression instanceof MethodPointerExpression) {
+            return false;
+        } else if (expression instanceof MethodCallExpression) {
             MethodCallExpression mce = (MethodCallExpression) expression;
             String methodName = mce.getMethodAsString();
             if (methodBlacklist.contains(methodName)) {
diff --git a/src/test/java/org/elasticsearch/script/GroovySandboxScriptTests.java b/src/test/java/org/elasticsearch/script/GroovySandboxScriptTests.java
index 38421931c74..da6a843c971 100644
--- a/src/test/java/org/elasticsearch/script/GroovySandboxScriptTests.java
+++ b/src/test/java/org/elasticsearch/script/GroovySandboxScriptTests.java
@@ -92,6 +92,12 @@ public class GroovySandboxScriptTests extends ElasticsearchIntegrationTest {
 
         testFailure("def methodName = 'ex'; Runtime.\\\"${'get' + 'Runtime'}\\\"().\\\"${methodName}ec\\\"(\\\"touch /tmp/gotcha2\\\")",
                 "Expression [MethodCallExpression] is not allowed: java.lang.Runtime.$(get + Runtime)().$methodNameec(touch /tmp/gotcha2)");
+
+        testFailure("def c = [doc['foo'].value, 3, 4].&size;  c()",
+                "Expression [MethodPointerExpression] is not allowed");
+
+        testFailure("[doc['foo'].value, 3, 4].invokeMethod([1,2],\\\"size\\\", new Object[0])",
+                "Expression [MethodCallExpression] is not allowed: [doc[foo].value, 3, 4].invokeMethod([1, 2], size, [])");
     }
 
     @Test