diff --git a/src/main/java/org/elasticsearch/script/groovy/GroovySandboxExpressionChecker.java b/src/main/java/org/elasticsearch/script/groovy/GroovySandboxExpressionChecker.java
index aa7ca8db65c..4970b4ebfbb 100644
--- a/src/main/java/org/elasticsearch/script/groovy/GroovySandboxExpressionChecker.java
+++ b/src/main/java/org/elasticsearch/script/groovy/GroovySandboxExpressionChecker.java
@@ -92,6 +92,7 @@ public class GroovySandboxExpressionChecker implements SecureASTCustomizer.Expre
     private final static String[] defaultReceiverWhitelist = new String [] {
             groovy.util.GroovyCollections.class.getName(),
             java.lang.Math.class.getName(),
+            java.lang.String.class.getName(),
             java.lang.Integer.class.getName(), "[I", "[[I", "[[[I",
             java.lang.Float.class.getName(), "[F", "[[F", "[[[F",
             java.lang.Double.class.getName(), "[D", "[[D", "[[[D",
diff --git a/src/test/java/org/elasticsearch/script/GroovySandboxScriptTests.java b/src/test/java/org/elasticsearch/script/GroovySandboxScriptTests.java
index 8e521a6f392..c0723e2d5bf 100644
--- a/src/test/java/org/elasticsearch/script/GroovySandboxScriptTests.java
+++ b/src/test/java/org/elasticsearch/script/GroovySandboxScriptTests.java
@@ -60,6 +60,8 @@ public class GroovySandboxScriptTests extends ElasticsearchIntegrationTest {
         testSuccess("def t = Instant.now().getMillis()");
         // GroovyCollections
         testSuccess("def n = [1,2,3]; GroovyCollections.max(n)");
+        // String
+        testSuccess("def s = String.format(\\\"%d\\\", 4)");
 
         // Fail cases
         testFailure("pr = Runtime.getRuntime().exec(\\\"touch /tmp/gotcha\\\"); pr.waitFor()",