diff --git a/core/tavern-helper/main.js b/core/tavern-helper/main.js
index 02b0446..54c4cc8 100644
--- a/core/tavern-helper/main.js
+++ b/core/tavern-helper/main.js
@@ -626,7 +626,15 @@ export function makeRequest(request, data) {
         const callbackRequest = `${request}_callback`;
 
         function handleMessage(event) {
+            // 安全修复：验证消息来源
+            if (event.origin !== window.location.origin && event.origin !== 'null') {
+                return;
+            }
+
             const msgData = event.data || {};
+            // 安全修复：确保消息源是我们期望的
+            if (msgData.source !== 'amily2-iframe-request') return;
+
             if (msgData.request === callbackRequest && msgData.uid === uid) {
                 window.removeEventListener('message', handleMessage);
                 if (msgData.error) {
@@ -649,7 +657,7 @@ export function makeRequest(request, data) {
             request: request,
             uid: uid,
             data: data
-        }, '*');
+        }, window.location.origin);
     });
 }
 
@@ -668,6 +676,12 @@ export function registerApiHandler(request, handler) {
 
 export function initializeApiListener() {
     window.addEventListener('message', async (event) => {
+        // 安全修复：严格验证消息来源，防止跨源消息伪造
+        // 'null' 是 srcdoc 或 blob URL iframe 的 origin
+        if (event.origin !== window.location.origin && event.origin !== 'null') {
+            return;
+        }
+
         const data = event.data || {};
         if (data.source !== 'amily2-iframe-request' || !data.request || data.uid === undefined) {
             return;
@@ -682,7 +696,7 @@ export function initializeApiListener() {
                 request: callbackRequest,
                 uid: data.uid,
                 error: `未注册请求 '${data.request}' 的处理器`
-            }, '*');
+            }, event.origin); // 安全修复：回复到确切的来源，而不是 '*'
             return;
         }
 
@@ -692,14 +706,14 @@ export function initializeApiListener() {
                 request: callbackRequest,
                 uid: data.uid,
                 result: result
-            }, '*');
+            }, event.origin); // 安全修复：回复到确切的来源
         } catch (error) {
             console.error(`[Amily2-IframeAPI] 执行处理器 '${data.request}' 时出错:`, error);
             event.source.postMessage({
                 request: callbackRequest,
                 uid: data.uid,
                 error: error.message || String(error)
-            }, '*');
+            }, event.origin); // 安全修复：回复到确切的来源
         }
     });
     console.log('[Amily2-IframeAPI] 主窗口监听器已初始化');
diff --git a/core/tavern-helper/renderer.js b/core/tavern-helper/renderer.js
index f481f0d..54232e1 100644
--- a/core/tavern-helper/renderer.js
+++ b/core/tavern-helper/renderer.js
@@ -565,11 +565,11 @@ function renderHtmlInIframe(htmlContent, container, preElement) {
         iframe.setAttribute('frameborder', '0');
         iframe.setAttribute('scrolling', 'no');
         iframe.loading = 'eager';
-        if (settings.sandboxMode) {
-            iframe.setAttribute('sandbox', 'allow-scripts allow-modals');
-        } else {
-            iframe.setAttribute('sandbox', 'allow-scripts allow-same-origin allow-forms allow-modals allow-popups');
-        }
+        // 始终使用严格的沙箱策略，移除 allow-same-origin 以防止XSS攻击。
+        // 仅允许脚本、表单、弹窗和模态框。
+        // allow-popups-to-escape-sandbox 允许弹窗（如新标签页）摆脱沙箱限制，这对于外部链接是必要的。
+        // allow-downloads 允许文件下载。
+        iframe.setAttribute('sandbox', 'allow-scripts allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-downloads');
         
         if (needsVh) {
             iframe.dataset.needsVh = 'true';