diff --git a/src/api/utils/sanitize.ts b/src/api/utils/sanitize.ts
index 57b1154..0c63ebe 100644
--- a/src/api/utils/sanitize.ts
+++ b/src/api/utils/sanitize.ts
@@ -5,6 +5,9 @@ import DOMPurify, { type Config } from 'isomorphic-dompurify';
  * 针对博客文章内容优化的白名单配置
  */
 const SANITIZE_CONFIG: Config = {
+    // 允许所有 data-* 属性 (代码高亮、行号等功能需要)
+    ALLOW_DATA_ATTR: true,
+
     // 允许的 HTML 标签 - 博客文章常用标签
     ALLOWED_TAGS: [
         // 文本结构
@@ -130,13 +133,7 @@ const SANITIZE_CONFIG: Config = {
 
         // 时间属性
         'datetime',
-
-        // 数据属性 (用于代码高亮等)
-        'data-*',
-
-        // 代码块语言标识
-        'data-language',
-        'data-line',
+        // 注: data-* 属性已通过 ALLOW_DATA_ATTR: true 全局允许
     ],
 
     // 允许的 URI 协议
diff --git a/src/layouts/base/BaseLayout.astro b/src/layouts/base/BaseLayout.astro
index c190f85..a8f8001 100644
--- a/src/layouts/base/BaseLayout.astro
+++ b/src/layouts/base/BaseLayout.astro
@@ -38,7 +38,7 @@ const coverImageUrlStr = coverImageUrl
         <meta name="referrer" content="strict-origin-when-cross-origin" />
         <meta
             http-equiv="Content-Security-Policy"
-            content="default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; connect-src 'self' https://www.google-analytics.com; frame-ancestors 'self';"
+            content="default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; connect-src 'self' https://www.google-analytics.com; frame-ancestors 'self';"
         />
 
         {canonicalUrl && <link rel="canonical" href={canonicalUrl} />}