From bc81a325ce985dc7b3c78ea9078bdc5096851fcb Mon Sep 17 00:00:00 2001
From: liaosong <liaosong1015@gmail.com>
Date: Mon, 17 Oct 2016 16:24:46 +0800
Subject: [PATCH] bugfix: the `label` has xss bug

---
 src/angular-pretty-checkable.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/angular-pretty-checkable.js b/src/angular-pretty-checkable.js
index 4f70415..25906ea 100644
--- a/src/angular-pretty-checkable.js
+++ b/src/angular-pretty-checkable.js
@@ -43,7 +43,7 @@ angular.module('pretty-checkable', [])
         if(attrs.label!=='false'){        
             //set label text to label if available otherwise default to value
             var labelText = scope.$eval(attrs.label ? attrs.label : attrs.value);
-            var label = angular.element('<label>'+labelText+'</label>');
+            var label = angular.element('<label></label>').text(labelText);
         
             //add label before or after depending on label-left value 
             if(attrs.labelLeft){
@@ -122,7 +122,7 @@ angular.module('pretty-checkable', [])
         if(attrs.label!=='false'){
             //set label text to label if available otherwise default to value        
             var labelText = scope.$eval(attrs.label ? attrs.label : attrs.value);
-            var label = angular.element('<label>'+labelText+'</label>');
+            var label = angular.element('<label></label>').text(labelText);
             //add label before or after depending on label-left value 
             if(attrs.labelLeft){
               element.prepend(label);