Several issues on https://codecov.io/site/security

I reported the following to the support email on 21 Dec 2018, but it still isn’t fixed (I did get a mail confirming receipt of the report, though; and two other issues I reported in the same email were fixed).

On https://codecov.io/site/security

  • the title of section 5 shows up in the table of contents as ‘Is my Team’s data isolated from other Teams?’
  • on the same page, I am seeing this error in the JavaScript console (with Safari 12.0.2 on Mac OS X 10.14): “[Error] Refused to execute a script because its hash, its nonce, or ‘unsafe-inline’ does not appear in the script-src directive of the Content Security Policy. (security, line 0)”
    A similar error appears with Firefox 64; I have not tried Safari
  • the links from the TOC to the questions do not work; indeed, none of the section <h2>s has the appropriate anchors

Thanks for following up @fingolfin – we are on it. I really appreciate you providing this feedback!