diff --git a/docs/tutorial/security.md b/docs/tutorial/security.md index ca8bd3a4b7fc..f16d8cf49bc9 100644 --- a/docs/tutorial/security.md +++ b/docs/tutorial/security.md @@ -57,7 +57,7 @@ This is not bulletproof, but at the least, you should attempt the following: * Do not disable `webSecurity`. Disabling it will disable the same-origin policy. * Define a [`Content-Security-Policy`](http://www.html5rocks.com/en/tutorials/security/content-security-policy/) , and use restrictive rules (i.e. `script-src 'self'`) -* [Override and disable `eval`](https://github.com/nylas/N1/blob/0abc5d5defcdb057120d726b271933425b75b415/static/index.js#L6) +* [Override and disable `eval`](https://github.com/nylas/N1/blob/0abc5d5defcdb057120d726b271933425b75b415/static/index.js#L6-L8) , which allows strings to be executed as code. * Do not set `allowDisplayingInsecureContent` to true. * Do not set `allowRunningInsecureContent` to true.
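Review bot: the changed bullet ("Override and disable `eval`") still tells the reader how to do this only through a link into a third-party repository (nylas/N1, `static/index.js#L6-L8`), so the advice is unusable if that repository moves or is removed, and the line range means nothing without following the link. The link is pinned to a commit hash, which keeps the range stable, but consider stating in the bullet itself what the override does, or inlining the few lines into this document and keeping the link as attribution. Minor style point on the same bullet: the continuation line begins with ", which allows strings to be executed as code.", leaving a space before the comma after the link, the same pattern as the `Content-Security-Policy` bullet above it; joining the comma to the closing parenthesis of the link would fix that.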