diff --git a/bower.json b/bower.json
index 5704b3aec..a6fc85b41 100644
--- a/bower.json
+++ b/bower.json
@@ -29,7 +29,7 @@
     "rangy": "rangy-release#~1.3.0",
     "json.sortify": "~2.1.0",
     "fabric.js": "fabric#~1.6.0",
-    "hyperjson": "~1.3.1",
+    "hyperjson": "~1.4.0",
     "textpatcher": "^1.3.0",
     "proxy-polyfill": "^0.1.5",
     "chainpad": "^0.3.0",
diff --git a/config.js.dist b/config.js.dist
index 91bf38d95..da80bb374 100644
--- a/config.js.dist
+++ b/config.js.dist
@@ -14,24 +14,35 @@ module.exports = {
      *  Examples are provided below
      */
 
-/*
     httpHeaders: {
-        "Content-Security-Policy": [
-            "default-src 'none'",
-            "style-src 'unsafe-inline' 'self'",
-            "script-src 'self' 'unsafe-eval' 'unsafe-inline'",
-            "child-src 'self' cryptpad.fr *.cryptpad.fr",
-            "font-src 'self'",
-            "connect-src 'self' wss://cryptpad.fr",
-    // data: is used by codemirror, (insecure remote) images are included by
-    // users of the wysiwyg who embed photos in their pads
-            "img-src data: *",
-        ].join('; '),
-
         "X-XSS-Protection": "1; mode=block",
         "X-Content-Type-Options": "nosniff",
         // 'X-Frame-Options': 'SAMEORIGIN',
-    },*/
+    },
+
+    contentSecurity: [
+        "default-src 'none'",
+        "style-src 'unsafe-inline' 'self'",
+        "script-src 'self'",
+        "child-src 'self' cryptpad.fr *.cryptpad.fr",
+        "font-src 'self'",
+        "connect-src 'self' wss://cryptpad.fr",
+        // data: is used by codemirror
+        "img-src 'self' data:",
+    ].join('; '),
+
+    // CKEditor requires significantly more lax content security policy in order to function.
+    padContentSecurity: [
+        "default-src 'none'",
+        "style-src 'unsafe-inline' 'self'",
+        // Unsafe inline, unsafe-eval are needed for ckeditor :(
+        "script-src 'self' 'unsafe-eval' 'unsafe-inline'",
+        "child-src 'self' cryptpad.fr *.cryptpad.fr",
+        "font-src 'self'",
+        "connect-src 'self' wss://cryptpad.fr",
+        // (insecure remote) images are included by users of the wysiwyg who embed photos in their pads
+        "img-src *",
+    ].join('; '),
 
     httpPort: 3000,
 
@@ -51,7 +62,7 @@ module.exports = {
     //websocketPort: 3000,
 
     /*  if you want to run a different version of cryptpad but using the same websocket
-     *  server, you should use the other server port as websocketPort and disable 
+     *  server, you should use the other server port as websocketPort and disable
      *  the websockets on that server
      */
     //useExternalWebsocket: false,
diff --git a/customize.dist/about.html b/customize.dist/about.html
index c0f3a0b97..988efafc3 100644
--- a/customize.dist/about.html
+++ b/customize.dist/about.html
@@ -1,5 +1,6 @@
 <!DOCTYPE html>
 <html class="cp">
+<!-- If this file is not called customize.dist/src/template.html, it is generated -->
 <head>
     <title data-localization="main_title">Cryptpad: Zero Knowledge, Collaborative Real Time Editing</title>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
@@ -9,16 +10,8 @@
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
     <link rel="stylesheet" href="/bower_components/bootstrap/dist/css/bootstrap.min.css">
-        <script data-main="/customize/main" src="/bower_components/requirejs/require.js"></script>
+        <script data-bootload="/customize/main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
 
-
-    <script src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-            urlArgs: "bust=1.1.0",
-        });
-    </script>
 </head>
 <body class="html">
     <div id="cryptpadTopBar">
@@ -126,4 +119,3 @@
 
 </body>
 </html>
-
diff --git a/customize.dist/contact.html b/customize.dist/contact.html
index 7b2cd03ae..1985d8347 100644
--- a/customize.dist/contact.html
+++ b/customize.dist/contact.html
@@ -1,5 +1,6 @@
 <!DOCTYPE html>
 <html class="cp">
+<!-- If this file is not called customize.dist/src/template.html, it is generated -->
 <head>
     <title data-localization="main_title">Cryptpad: Zero Knowledge, Collaborative Real Time Editing</title>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
@@ -9,16 +10,8 @@
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
     <link rel="stylesheet" href="/bower_components/bootstrap/dist/css/bootstrap.min.css">
-        <script data-main="/customize/main" src="/bower_components/requirejs/require.js"></script>
+        <script data-bootload="/customize/main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
 
-
-    <script src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-            urlArgs: "bust=1.1.0",
-        });
-    </script>
 </head>
 <body class="html">
     <div id="cryptpadTopBar">
@@ -123,4 +116,3 @@
 
 </body>
 </html>
-
diff --git a/customize.dist/index.html b/customize.dist/index.html
index eb1815e34..12697787e 100644
--- a/customize.dist/index.html
+++ b/customize.dist/index.html
@@ -1,5 +1,6 @@
 <!DOCTYPE html>
 <html class="cp">
+<!-- If this file is not called customize.dist/src/template.html, it is generated -->
 <head>
     <title data-localization="main_title">Cryptpad: Zero Knowledge, Collaborative Real Time Editing</title>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
@@ -9,16 +10,8 @@
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
     <link rel="stylesheet" href="/bower_components/bootstrap/dist/css/bootstrap.min.css">
-        <script data-main="/customize/main" src="/bower_components/requirejs/require.js"></script>
+        <script data-bootload="/customize/main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
 
-
-    <script src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-            urlArgs: "bust=1.1.0",
-        });
-    </script>
 </head>
 <body class="html">
     <div id="cryptpadTopBar">
@@ -245,4 +238,3 @@
 
 </body>
 </html>
-
diff --git a/customize.dist/main.css b/customize.dist/main.css
index fb3be659c..791563ed3 100644
--- a/customize.dist/main.css
+++ b/customize.dist/main.css
@@ -1306,7 +1306,6 @@ html.cp,
   max-width: 90%;
   max-height: 90%;
   margin: auto;
-  border: 5px solid red;
 }
 .cp div.modal,
 .cp div#modal {
diff --git a/customize.dist/privacy.html b/customize.dist/privacy.html
index 10910bfff..403a0f1c4 100644
--- a/customize.dist/privacy.html
+++ b/customize.dist/privacy.html
@@ -1,5 +1,6 @@
 <!DOCTYPE html>
 <html class="cp">
+<!-- If this file is not called customize.dist/src/template.html, it is generated -->
 <head>
     <title data-localization="main_title">Cryptpad: Zero Knowledge, Collaborative Real Time Editing</title>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
@@ -9,16 +10,8 @@
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
     <link rel="stylesheet" href="/bower_components/bootstrap/dist/css/bootstrap.min.css">
-        <script data-main="/customize/main" src="/bower_components/requirejs/require.js"></script>
+        <script data-bootload="/customize/main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
 
-
-    <script src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-            urlArgs: "bust=1.1.0",
-        });
-    </script>
 </head>
 <body class="html">
     <div id="cryptpadTopBar">
@@ -144,4 +137,3 @@
 
 </body>
 </html>
-
diff --git a/customize.dist/src/fragments/appscript.html b/customize.dist/src/fragments/appscript.html
index 66cc0acea..3f1dd7b58 100644
--- a/customize.dist/src/fragments/appscript.html
+++ b/customize.dist/src/fragments/appscript.html
@@ -1,3 +1,2 @@
     <link rel="stylesheet" type="text/css" href="main.css" />
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
-
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
diff --git a/customize.dist/src/fragments/empty.html b/customize.dist/src/fragments/empty.html
index 05fd6a0cb..d42a450af 100644
--- a/customize.dist/src/fragments/empty.html
+++ b/customize.dist/src/fragments/empty.html
@@ -1,2 +1 @@
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
     <div id="container"></div>
diff --git a/customize.dist/src/fragments/script.html b/customize.dist/src/fragments/script.html
index 99ea023b5..35a65e8a1 100644
--- a/customize.dist/src/fragments/script.html
+++ b/customize.dist/src/fragments/script.html
@@ -1,2 +1 @@
-    <script data-main="/customize/main" src="/bower_components/requirejs/require.js"></script>
-
+    <script data-bootload="/customize/main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
diff --git a/customize.dist/src/less/cryptpad.less b/customize.dist/src/less/cryptpad.less
index a4b2f148e..6e0f951fb 100644
--- a/customize.dist/src/less/cryptpad.less
+++ b/customize.dist/src/less/cryptpad.less
@@ -861,8 +861,6 @@ form.realtime, div.realtime {
             max-width: 90%;
             max-height: 90%;
             margin: auto;
-
-            border: 5px solid red;
         }
     }
 }
diff --git a/customize.dist/src/less/toolbar.less b/customize.dist/src/less/toolbar.less
index 73cce9923..8befac1ab 100644
--- a/customize.dist/src/less/toolbar.less
+++ b/customize.dist/src/less/toolbar.less
@@ -309,7 +309,10 @@
     float: left;
     margin-bottom: -1px;
     .cryptpad-user-list {
-        float: right;
+        //float: right;
+        pre {
+            white-space: pre;
+        }
     }
     button {
         margin: 2px 4px 2px 0px;
diff --git a/customize.dist/src/template.html b/customize.dist/src/template.html
index 314fa29f9..069e23511 100644
--- a/customize.dist/src/template.html
+++ b/customize.dist/src/template.html
@@ -1,5 +1,6 @@
 <!DOCTYPE html>
 <html class="cp">
+<!-- If this file is not called customize.dist/src/template.html, it is generated -->
 <head>
     <title data-localization="main_title">Cryptpad: Zero Knowledge, Collaborative Real Time Editing</title>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
@@ -10,13 +11,6 @@
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
     <link rel="stylesheet" href="/bower_components/bootstrap/dist/css/bootstrap.min.css">
     {{script}}
-    <script src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-            urlArgs: "bust=1.1.0",
-        });
-    </script>
 </head>
 <body class="html">
     {{topbar}}
@@ -30,4 +24,3 @@
     {{footer}}
 </body>
 </html>
-
diff --git a/customize.dist/terms.html b/customize.dist/terms.html
index 205f6c2a7..a92c99c93 100644
--- a/customize.dist/terms.html
+++ b/customize.dist/terms.html
@@ -1,5 +1,6 @@
 <!DOCTYPE html>
 <html class="cp">
+<!-- If this file is not called customize.dist/src/template.html, it is generated -->
 <head>
     <title data-localization="main_title">Cryptpad: Zero Knowledge, Collaborative Real Time Editing</title>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
@@ -9,16 +10,8 @@
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
     <link rel="stylesheet" href="/bower_components/bootstrap/dist/css/bootstrap.min.css">
-        <script data-main="/customize/main" src="/bower_components/requirejs/require.js"></script>
+        <script data-bootload="/customize/main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
 
-
-    <script src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-            urlArgs: "bust=1.1.0",
-        });
-    </script>
 </head>
 <body class="html">
     <div id="cryptpadTopBar">
@@ -127,4 +120,3 @@
 
 </body>
 </html>
-
diff --git a/customize.dist/toolbar.css b/customize.dist/toolbar.css
index de846b7bd..e0e0bda64 100644
--- a/customize.dist/toolbar.css
+++ b/customize.dist/toolbar.css
@@ -372,8 +372,8 @@
   float: left;
   margin-bottom: -1px;
 }
-.cryptpad-toolbar-leftside .cryptpad-user-list {
-  float: right;
+.cryptpad-toolbar-leftside .cryptpad-user-list pre {
+  white-space: pre;
 }
 .cryptpad-toolbar-leftside button {
   margin: 2px 4px 2px 0px;
diff --git a/customize.dist/translations/messages.js b/customize.dist/translations/messages.js
index c32f346eb..d04b3d015 100644
--- a/customize.dist/translations/messages.js
+++ b/customize.dist/translations/messages.js
@@ -50,10 +50,8 @@ define(function () {
     out.orangeLight = "Your slow connection may impact your experience";
     out.redLight = "You are disconnected from the session";
 
-    out.importButton = 'IMPORT';
     out.importButtonTitle = 'Import a pad from a local file';
 
-    out.exportButton = 'EXPORT';
     out.exportButtonTitle = 'Export this pad to a local file';
     out.exportPrompt = 'What would you like to name your file?';
 
@@ -64,7 +62,6 @@ define(function () {
 
     out.clickToEdit = "Click to edit";
 
-    out.forgetButton = 'FORGET';
     out.forgetButtonTitle = 'Move this pad to the trash';
     out.forgetPrompt = 'Clicking OK will move this pad to your trash. Are you sure?';
     out.movedToTrash = 'That pad has been moved to the trash.<br><a href="/drive/">Access my Drive</a>';
@@ -75,19 +72,14 @@ define(function () {
     out.newButton = 'New';
     out.newButtonTitle = 'Create a new pad';
 
-    out.presentButton = 'PRESENT';
     out.presentButtonTitle = "Enter presentation mode";
     out.presentSuccess = 'Hit ESC to exit presentation mode';
-    out.sourceButton = 'VIEW SOURCE'; //TODO remove? hidden behind the present mode
-    out.sourceButtonTitle = "Leave presentation mode";
 
-    out.backgroundButton = 'BACKGROUND COLOR';
     out.backgroundButtonTitle = 'Change the background color in the presentation';
-    out.colorButton = 'TEXT COLOR';
     out.colorButtonTitle = 'Change the text color in presentation mode';
 
     out.editShare = "Editing link";
-    out.editShareTitle = "Copy the edit link to clipboard";
+    out.editShareTitle = "Copy the editing link to clipboard";
     out.viewShare = "Read-only link";
     out.viewShareTitle = "Copy the read-only link to clipboard";
     out.viewOpen = "Open read-only link in new tab";
@@ -110,7 +102,6 @@ define(function () {
     out.poll_p_save = "Your settings are updated instantly, so you never need to save.";
     out.poll_p_encryption = "All your input is encrypted so only people who have the link can access it. Even the server cannot see what you change.";
 
-    out.wizardButton = 'WIZARD';
     out.wizardLog = "Click the button in the top left to return to your poll";
     out.wizardTitle = "Use the wizard to create your poll";
     out.wizardConfirm = "Are you really ready to add these options to your poll?";
@@ -221,7 +212,7 @@ define(function () {
     out.login_noSuchUser = 'Invalid username or password. Try again, or sign up';
     out.login_invalUser = 'Username required';
     out.login_invalPass = 'Password required';
-    out.login_unhandledError = 'An unexpected error occured :(';
+    out.login_unhandledError = 'An unexpected error occurred :(';
 
     out.register_importRecent = "Import pad history (Recommended)";
     out.register_acceptTerms = "I accept <a href='/terms.html'>the terms of service</a>";
diff --git a/package.json b/package.json
index 05b1862fe..ba331a899 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "cryptpad",
   "description": "realtime collaborative visual editor with zero knowlege server",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "dependencies": {
     "express": "~4.10.1",
     "ws": "^1.0.1",
diff --git a/server.js b/server.js
index 548a78949..503558c1f 100644
--- a/server.js
+++ b/server.js
@@ -7,6 +7,7 @@ var Https = require('https');
 var Fs = require('fs');
 var WebSocketServer = require('ws').Server;
 var NetfluxSrv = require('./NetfluxWebsocketSrv');
+var Package = require('./package.json');
 
 var config = require('./config');
 var websocketPort = config.websocketPort || config.httpPort;
@@ -19,20 +20,31 @@ var app = Express();
 
 var httpsOpts;
 
+const clone = (x) => (JSON.parse(JSON.stringify(x)));
+
 var setHeaders = (function () {
     if (typeof(config.httpHeaders) !== 'object') { return function () {}; }
 
-    var headers = JSON.parse(JSON.stringify(config.httpHeaders));
+    const headers = clone(config.httpHeaders);
+    if (config.contentSecurity) {
+        headers['Content-Security-Policy'] = clone(config.contentSecurity);
+    }
+    const padHeaders = clone(headers);
+    if (config.padContentSecurity) {
+        padHeaders['Content-Security-Policy'] = clone(config.padContentSecurity);
+    }
     if (Object.keys(headers).length) {
-        return function (res) {
-            for (var header in headers) { res.setHeader(header, headers[header]); }
+        return function (req, res) {
+            const h = /^\/pad\/inner\.html.*/.test(req.url) ? padHeaders : headers;
+            for (let header in h) { res.setHeader(header, h[header]); }
         };
     }
     return function () {};
 }());
 
 app.use(function (req, res, next) {
-    setHeaders(res);
+    setHeaders(req, res);
+    if (/[\?\&]ver=[^\/]+$/.test(req.url)) { res.setHeader("Cache-Control", "max-age=31536000"); }
     next();
 });
 
@@ -82,6 +94,10 @@ app.get('/api/config', function(req, res){
     var host = req.headers.host.replace(/\:[0-9]+/, '');
     res.setHeader('Content-Type', 'text/javascript');
     res.send('define(' + JSON.stringify({
+        requireConf: {
+            waitSeconds: 60,
+            urlArgs: 'ver=' + Package.version
+        },
         websocketPath: config.useExternalWebsocket ? undefined : config.websocketPath,
         websocketURL:'ws' + ((useSecureWebsockets) ? 's' : '') + '://' + host + ':' +
             websocketPort + '/cryptpad_websocket',
diff --git a/www/code/index.html b/www/code/index.html
index df3fe1142..af6247a40 100644
--- a/www/code/index.html
+++ b/www/code/index.html
@@ -4,13 +4,7 @@
     <title>CryptPad</title>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-            urlArgs: "bust=1.1.0",
-        });
-    </script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <link rel="icon" type="image/png"
         href="/customize/main-favicon.png"
 
@@ -49,11 +43,7 @@
 </head>
 <body>
     <div id="iframe-container">
-        <iframe id="pad-iframe"></iframe>
-        <script>
-            document.getElementById('pad-iframe').setAttribute('src', 'inner.html?' + new Date().getTime());
-        </script>
+        <iframe id="pad-iframe"></iframe><script src="/common/noscriptfix.js"></script>
     </div>
 </body>
 </html>
-
diff --git a/www/code/main.js b/www/code/main.js
index 5ece7a208..e8999ffee 100644
--- a/www/code/main.js
+++ b/www/code/main.js
@@ -689,7 +689,7 @@ define([
                 // inform of network disconnect
                 setEditable(false);
                 toolbar.failed();
-                Cryptpad.alert(Messages.common_connectionLost);
+                Cryptpad.alert(Messages.common_connectionLost, undefined, force);
             };
 
             var onConnectionChange = config.onConnectionChange = function (info) {
@@ -700,7 +700,7 @@ define([
                     toolbar.reconnecting(info.myId);
                     Cryptpad.findOKButton().click();
                 } else {
-                    Cryptpad.alert(Messages.common_connectionLost);
+                    Cryptpad.alert(Messages.common_connectionLost, undefined, force);
                 }
             };
 
diff --git a/www/common/boot.js b/www/common/boot.js
new file mode 100644
index 000000000..406521778
--- /dev/null
+++ b/www/common/boot.js
@@ -0,0 +1,5 @@
+// Stage 0, this gets cached which means we can't change it. boot2.js is changable.
+define(['/api/config?cb=' + (+new Date()).toString(16)], function (Config) {
+    if (Config.requireConf) { require.config(Config.requireConf); }
+    require(['/common/boot2.js']);
+});
diff --git a/www/common/boot2.js b/www/common/boot2.js
new file mode 100644
index 000000000..72519b73e
--- /dev/null
+++ b/www/common/boot2.js
@@ -0,0 +1,6 @@
+// This is stage 1, it can be changed but you must bump the version of the project.
+define([], function () {
+    // fix up locations so that relative urls work.
+    require.config({ baseUrl: window.location.pathname });
+    require([document.querySelector('script[data-bootload]').getAttribute('data-bootload')]);
+});
diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js
index 6660cac5b..99beca31b 100644
--- a/www/common/cryptpad-common.js
+++ b/www/common/cryptpad-common.js
@@ -1,5 +1,5 @@
 define([
-    '/api/config?cb=' + Math.random().toString(16).slice(2),
+    '/api/config',
     '/customize/messages.js?app=' + window.location.pathname.split('/').filter(function (x) { return x; }).join('.'),
     '/customize/fsStore.js',
     '/bower_components/chainpad-crypto/crypto.js?v=0.1.5',
@@ -163,10 +163,14 @@ define([
     // var isArray = function (o) { return Object.prototype.toString.call(o) === '[object Array]'; };
     var isArray = common.isArray = $.isArray;
 
-    var fixHTML = common.fixHTML = function (html) {
-        return html.replace(/</g, '&lt;');
+    var fixHTML = common.fixHTML = function (str) {
+        if (!str) { return ''; }
+        return str.replace(/[<>&"']/g, function (x) {
+            return ({ "<": "&lt;", ">": "&gt", "&": "&amp;", '"': "&#34;", "'": "&#39;" })[x];
+        });
     };
 
+
     var truncate = common.truncate = function (text, len) {
         if (typeof(text) === 'string' && text.length > len) {
             return text.slice(0, len) + '…';
@@ -851,7 +855,7 @@ define([
         if (!$('#' + LOADING).is(':visible')) { common.addLoadingScreen(); }
         $('.spinnerContainer').hide();
         if (transparent) { $('#' + LOADING).css('opacity', 0.8); }
-        $('#' + LOADING).find('p').html(error || Messages.error);
+        $('#' + LOADING).find('p').text(error || Messages.error);
     };
 
     /*
@@ -924,7 +928,7 @@ define([
         switch (type) {
             case 'export':
                 button = $('<button>', {
-                    title: Messages.exportButton + '\n' + Messages.exportButtonTitle,
+                    title: Messages.exportButtonTitle,
                 }).append($('<span>', {'class':'fa fa-download', style: 'font:'+size+' FontAwesome'}));
                 if (callback) {
                     button.click(callback);
@@ -932,7 +936,7 @@ define([
                 break;
             case 'import':
                 button = $('<button>', {
-                    title: Messages.importButton + '\n' + Messages.importButtonTitle,
+                    title: Messages.importButtonTitle,
                 }).append($('<span>', {'class':'fa fa-upload', style: 'font:'+size+' FontAwesome'}));
                 if (callback) {
                     button.click(common.importContent('text/plain', function (content, file) {
@@ -943,7 +947,7 @@ define([
             case 'forget':
                 button = $('<button>', {
                     id: 'cryptpad-forget',
-                    title: Messages.forgetButton + '\n' + Messages.forgetButtonTitle,
+                    title: Messages.forgetButtonTitle,
                     'class': "fa fa-trash cryptpad-forget",
                     style: 'font:'+size+' FontAwesome'
                 });
@@ -974,7 +978,7 @@ define([
                                 } else {
                                     callback();
                                 }
-                                common.alert(Messages.movedToTrash);
+                                common.alert(Messages.movedToTrash, undefined, true);
                                 return;
                             });
                         });
@@ -1032,14 +1036,14 @@ define([
                 break;
             case 'present':
                 button = $('<button>', {
-                    title: Messages.presentButton + '\n' + Messages.presentButtonTitle,
+                    title: Messages.presentButtonTitle,
                     'class': "fa fa-play-circle cryptpad-present-button", // class used in slide.js
                     style: 'font:'+size+' FontAwesome'
                 });
                 break;
             case 'source':
                 button = $('<button>', {
-                    title: Messages.sourceButton + '\n' + Messages.sourceButtonTitle,
+                    title: Messages.sourceButtonTitle,
                     'class': "fa fa-stop-circle cryptpad-source-button", // class used in slide.js
                     style: 'font:'+size+' FontAwesome'
                 });
@@ -1158,22 +1162,22 @@ define([
         var $displayedName = $('<span>', {'class': config.displayNameCls || 'displayName'});
         var accountName = localStorage[common.userNameKey];
         var account = isLoggedIn();
-        var $userAdminContent = $('<p>');
-        if (account) {
-            var $userAccount = $('<span>', {'class': 'userAccount'}).append(Messages.user_accountName + ': ' + accountName);
-            $userAdminContent.append($userAccount);
-            $userAdminContent.append($('<br>'));
-        }
         var $userName = $('<span>', {'class': 'userDisplayName'});
-        if (config.displayName) {
-            // Hide "Display name:" in read only mode
-            $userName.append(Messages.user_displayName + ': ');
-            $userName.append($displayedName.clone());
-        }
-        //$userName.append($displayedName.clone()); TODO remove ?
-        $userAdminContent.append($userName);
         var options = [];
         if (config.displayNameCls) {
+            var $userAdminContent = $('<p>');
+            if (account) {
+                var $userAccount = $('<span>', {'class': 'userAccount'}).append(Messages.user_accountName + ': ' + fixHTML(accountName));
+                $userAdminContent.append($userAccount);
+                $userAdminContent.append($('<br>'));
+            }
+            if (config.displayName) {
+                // Hide "Display name:" in read only mode
+                $userName.append(Messages.user_displayName + ': ');
+                $userName.append($displayedName.clone());
+            }
+            //$userName.append($displayedName.clone()); TODO remove ?
+            $userAdminContent.append($userName);
             options.push({
                 tag: 'p',
                 attributes: {'class': 'accountData'},
@@ -1305,8 +1309,9 @@ define([
         $(window).off('keyup', handler);
     };
 
-    common.alert = function (msg, cb) {
+    common.alert = function (msg, cb, force) {
         cb = cb || function () {};
+        if (force !== true) { msg = fixHTML(msg); }
         var keyHandler = listenForKeys(function (e) { // yes
             findOKButton().click();
         });
@@ -1319,9 +1324,10 @@ define([
         });
     };
 
-    common.prompt = function (msg, def, cb, opt) {
+    common.prompt = function (msg, def, cb, opt, force) {
         opt = opt || {};
         cb = cb || function () {};
+        if (force !== true) { msg = fixHTML(msg); }
 
         var keyHandler = listenForKeys(function (e) { // yes
             findOKButton().click();
@@ -1342,9 +1348,11 @@ define([
             });
     };
 
-    common.confirm = function (msg, cb, opt) {
+    common.confirm = function (msg, cb, opt, force) {
         opt = opt || {};
         cb = cb || function () {};
+        if (force !== true) { msg = fixHTML(msg); }
+
         var keyHandler = listenForKeys(function (e) {
             findOKButton().click();
         }, function (e) {
@@ -1364,11 +1372,11 @@ define([
     };
 
     common.log = function (msg) {
-        Alertify.success(msg);
+        Alertify.success(fixHTML(msg));
     };
 
     common.warn = function (msg) {
-        Alertify.error(msg);
+        Alertify.error(fixHTML(msg));
     };
 
     /*
diff --git a/www/common/noscriptfix.js b/www/common/noscriptfix.js
new file mode 100644
index 000000000..532393248
--- /dev/null
+++ b/www/common/noscriptfix.js
@@ -0,0 +1,3 @@
+// Fix for noscript bugs when caching iframe content.
+// Caution, this file will get cached, you must change the name if you change it.
+document.getElementById('pad-iframe').setAttribute('src', 'inner.html?cb=' + (+new Date()));
diff --git a/www/common/toolbar.js b/www/common/toolbar.js
index 1669d8465..ac68e27eb 100644
--- a/www/common/toolbar.js
+++ b/www/common/toolbar.js
@@ -207,32 +207,35 @@ define([
             var anonymous = numberOfEditUsers - editUsersNames.length;
 
             // Update the userlist
+            var $usersTitle = $('<h2>').text(Messages.users);
+            var $editUsers = $userButtons.find('.' + USERLIST_CLS);
+            $editUsers.html('').append($usersTitle);
+
             var editUsersList = '';
+            var $editUsersList = $('<pre>');
             if (readOnly !== 1) {
-                editUsersNames.unshift('<span class="yourself">' + Messages.yourself + '</span>');
+                $editUsers.append('<span class="yourself">' + Messages.yourself + '</span>');
                 anonymous--;
             }
+            if (editUsersNames.length > 0) {
+                $editUsersList.text(editUsersNames.join('\n')); // .text() to avoid XSS
+                $editUsers.append($editUsersList);
+            }
             if (anonymous > 0) {
                 var text = anonymous === 1 ? Messages.anonymousUser : Messages.anonymousUsers;
-                editUsersNames.push('<span class="anonymous">' + anonymous + ' ' + text + '</span>');
+                $editUsers.push('<span class="anonymous">' + anonymous + ' ' + text + '</span>');
             }
             if (numberOfViewUsers > 0) {
                 var viewText = '<span class="viewer">';
                 if (numberOfEditUsers > 0) {
-                    editUsersNames.push('');
+                    $editUsers.append('<br>');
                     viewText += Messages.and + ' ';
                 }
                 var viewerText = numberOfViewUsers !== 1 ? Messages.viewers : Messages.viewer;
                 viewText += numberOfViewUsers + ' ' + viewerText + '</span>';
-                editUsersNames.push(viewText);
-            }
-            if (editUsersNames.length > 0) {
-                editUsersList += editUsersNames.join('<br>');
+                $editUsers.append(viewText);
             }
 
-            var $usersTitle = $('<h2>').text(Messages.users);
-            var $editUsers = $userButtons.find('.' + USERLIST_CLS);
-            $editUsers.html('').append($usersTitle).append(editUsersList);
 
             // Update the buttons
             var fa_editusers = '<span class="fa fa-users"></span>';
diff --git a/www/drive/index.html b/www/drive/index.html
index d9c792a4c..43fe2b44c 100644
--- a/www/drive/index.html
+++ b/www/drive/index.html
@@ -10,13 +10,7 @@
         data-alt-favicon="/customize/alt-favicon.png"
         id="favicon" />
     <link rel="stylesheet" href="/customize/main.css" />
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-            urlArgs: "bust=1.1.0",
-        });
-    </script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <style>
         html, body {
             margin: 0px;
@@ -38,10 +32,6 @@
     </style>
 </head>
 <body>
-    <iframe id="pad-iframe"></iframe>
-    <script>
-        document.getElementById('pad-iframe').setAttribute('src', 'inner.html?' + new Date().getTime());
-    </script>
+    <iframe id="pad-iframe"></iframe><script src="/common/noscriptfix.js"></script>
 </body>
 </html>
-
diff --git a/www/drive/main.js b/www/drive/main.js
index e53f1c94d..43d49ca7f 100644
--- a/www/drive/main.js
+++ b/www/drive/main.js
@@ -18,7 +18,6 @@ define([
 
     // Use `$(function () {});` to make sure the html is loaded before doing anything else
     $(function () {
-
     var $iframe = $('#pad-iframe').contents();
     var ifrw = $('#pad-iframe')[0].contentWindow;
 
@@ -1803,7 +1802,7 @@ define([
                 if (path.length !== 4) { return; }
                 var element = filesOp.getTrashElementData(path);
                 var sPath = stringifyPath(element.path);
-                Cryptpad.alert('<strong>' + Messages.fm_originalPath + "</strong>:<br>" + sPath);
+                Cryptpad.alert('<strong>' + Messages.fm_originalPath + "</strong>:<br>" + sPath, undefined, true);
             }
             module.hideMenu();
         });
@@ -1947,7 +1946,7 @@ define([
 
     var setName = APP.setName = function (newName) {
         if (typeof(newName) !== 'string') { return; }
-        var myUserNameTemp = Cryptpad.fixHTML(newName.trim());
+        var myUserNameTemp = newName.trim();
         if(myUserNameTemp.length > 32) {
             myUserNameTemp = myUserNameTemp.substr(0, 32);
         }
@@ -2065,7 +2064,7 @@ define([
                 $backupButton.attr('title', Messages.fm_backup_title);
                 $backupButton.on('click', function() {
                     var url = window.location.origin + window.location.pathname + '#' + editHash;
-                    Cryptpad.alert(Messages._getKey('fm_alert_backupUrl', [url]));
+                    Cryptpad.alert(Messages._getKey('fm_alert_backupUrl', [url]), undefined, true);
                     $('#fm_backupUrl').val(url);
                     $('#fm_backupUrl').click(function () {
                         $(this).select();
@@ -2090,7 +2089,7 @@ define([
             setEditable(false);
             if (APP.refresh) { APP.refresh(); }
             APP.toolbar.failed();
-            Cryptpad.alert(Messages.common_connectionLost);
+            Cryptpad.alert(Messages.common_connectionLost, undefined, true);
         };
         var onReconnect = function (info) {
             setEditable(true);
@@ -2123,6 +2122,5 @@ define([
             onConnectError();
         }
     });
-
     });
 });
diff --git a/www/examples/board/index.html b/www/examples/board/index.html
index ed36db678..df0fb5312 100644
--- a/www/examples/board/index.html
+++ b/www/examples/board/index.html
@@ -10,12 +10,7 @@
         data-alt-favicon="/customize/alt-favicon.png"
         id="favicon" />
     <link rel="stylesheet" href="/customize/main.css" />
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-        });
-    </script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <style>
         html, body {
             width: 100;
@@ -100,4 +95,3 @@
     <div id="lists"></div>
     <span id="create-list">Add List</span>
 </div>
-
diff --git a/www/examples/canvas/index.html b/www/examples/canvas/index.html
index d06875c67..4c2f990d1 100644
--- a/www/examples/canvas/index.html
+++ b/www/examples/canvas/index.html
@@ -3,7 +3,7 @@
 <head>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <style>
         html, body{
             padding: 0px;
@@ -59,7 +59,7 @@
 </head>
 <body>
 
-    <canvas id="canvas" width="600" height="600" ></canvas> 
+    <canvas id="canvas" width="600" height="600" ></canvas>
 
     <div id="copy">
         <h2>Welcome to CryptCanvas!</h2>
@@ -76,4 +76,3 @@
 
 </body>
 </html>
-
diff --git a/www/examples/form/index.html b/www/examples/form/index.html
index 064063814..b3ceb3a10 100644
--- a/www/examples/form/index.html
+++ b/www/examples/form/index.html
@@ -3,7 +3,7 @@
 <head>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <style>
         html, body{
             padding: 0px;
@@ -41,7 +41,7 @@
 <body>
 
     <form>
-        <input type="radio" name="radio" value="one" checked>One 
+        <input type="radio" name="radio" value="one" checked>One
         <input type="radio" name="radio" value="two">Two
         <input type="radio" name="radio" value="three">Three<br>
 
@@ -76,4 +76,3 @@
 
 </body>
 </html>
-
diff --git a/www/examples/hack/index.html b/www/examples/hack/index.html
index 2e8df970f..fb1dc3dcf 100644
--- a/www/examples/hack/index.html
+++ b/www/examples/hack/index.html
@@ -3,7 +3,7 @@
 <head>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <style>
         html, body{
             padding: 0px;
@@ -75,4 +75,3 @@
     </div>
 </body>
 </html>
-
diff --git a/www/examples/json/index.html b/www/examples/json/index.html
index 166613c8d..770a86929 100644
--- a/www/examples/json/index.html
+++ b/www/examples/json/index.html
@@ -3,7 +3,7 @@
 <head>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <style>
         html, body{
             padding: 0px;
@@ -48,4 +48,3 @@
     </div>
 </body>
 </html>
-
diff --git a/www/examples/read/index.html b/www/examples/read/index.html
index 326e46158..399a43309 100644
--- a/www/examples/read/index.html
+++ b/www/examples/read/index.html
@@ -2,12 +2,7 @@
 <html>
 <head>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-        });
-    </script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <link rel="icon" type="image/png"
         href="/customize/main-favicon.png"
 
diff --git a/www/examples/render/index.html b/www/examples/render/index.html
index f79120fd0..24e7e41b5 100644
--- a/www/examples/render/index.html
+++ b/www/examples/render/index.html
@@ -4,7 +4,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
     <link rel="stylesheet" href="/common/render-sd.css" />
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <style>
         html, body {
             padding: 0;
@@ -38,5 +38,5 @@
 </head>
 <body>
     <div id="target">
-        <div id="inner"></div> 
+        <div id="inner"></div>
     </div>
diff --git a/www/examples/style/index.html b/www/examples/style/index.html
index 4ede5c688..65f63ad88 100644
--- a/www/examples/style/index.html
+++ b/www/examples/style/index.html
@@ -3,18 +3,18 @@
     <head>
         <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
         <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
-        <script data-main="main" src="/bower_components/requirejs/require.js"></script>
+        <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
         <style></style>
     </head>
     <body>
         <a id="edit" href="#" target="_blank">Edit this document's style</a>
 
 <h1>HTML Ipsum Presents</h1>
-           
+
 <p><strong>Pellentesque habitant morbi tristique</strong> senectus et netus et malesuada fames ac turpis egestas. Vestibulum tortor quam, feugiat vitae, ultricies eget, tempor sit amet, ante. Donec eu libero sit amet quam egestas semper. <em>Aenean ultricies mi vitae est.</em> Mauris placerat eleifend leo. Quisque sit amet est et sapien ullamcorper pharetra. Vestibulum erat wisi, condimentum sed, <code>commodo vitae</code>, ornare sit amet, wisi. Aenean fermentum, elit eget tincidunt condimentum, eros ipsum rutrum orci, sagittis tempus lacus enim ac dui. <a href="#">Donec non enim</a> in turpis pulvinar facilisis. Ut felis.</p>
 
 <h2>Header Level 2</h2>
-           
+
 <ol>
    <li>Lorem ipsum dolor sit amet, consectetuer adipiscing elit.</li>
    <li>Aliquam tincidunt mauris eu risus.</li>
@@ -30,10 +30,10 @@
 </ul>
 
 <pre><code>
-#header h1 a { 
-    display: block; 
-    width: 300px; 
-    height: 80px; 
+#header h1 a {
+    display: block;
+    width: 300px;
+    height: 80px;
 }
 </code></pre>
 
@@ -58,4 +58,3 @@
 
 </body>
 </html>
-
diff --git a/www/examples/text/index.html b/www/examples/text/index.html
index 514095e99..b22cb7321 100644
--- a/www/examples/text/index.html
+++ b/www/examples/text/index.html
@@ -3,7 +3,7 @@
 <head>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <style>
         html, body{
             padding: 0px;
@@ -36,4 +36,3 @@
     <textarea></textarea>
 </body>
 </html>
-
diff --git a/www/examples/upload/index.html b/www/examples/upload/index.html
index 765634f9f..0bf8d6c3b 100644
--- a/www/examples/upload/index.html
+++ b/www/examples/upload/index.html
@@ -2,12 +2,7 @@
 <html>
 <head>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-        });
-    </script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <link rel="icon" type="image/png"
         href="/customize/main-favicon.png"
 
@@ -31,4 +26,3 @@ pre {
 <h1>Upload</h1>
 
 <input type="file">
-
diff --git a/www/login/index.html b/www/login/index.html
index 6dd755e2f..e38950b75 100644
--- a/www/login/index.html
+++ b/www/login/index.html
@@ -9,14 +9,7 @@
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
     <link rel="stylesheet" href="/bower_components/bootstrap/dist/css/bootstrap.min.css">
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
-    <script src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-            urlArgs: "bust=1.1.0",
-        });
-    </script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
 </head>
 <body class="html">
     <div id="cryptpadTopBar">
@@ -77,4 +70,3 @@
 
 </body>
 </html>
-
diff --git a/www/pad/index.html b/www/pad/index.html
index 4e52ea218..4e7aeba58 100644
--- a/www/pad/index.html
+++ b/www/pad/index.html
@@ -10,13 +10,7 @@
         data-alt-favicon="/customize/alt-favicon.png"
         id="favicon" />
     <link rel="stylesheet" href="/customize/main.css" />
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-            urlArgs: "bust=1.1.0",
-        });
-    </script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <style>
         html, body {
             margin: 0px;
@@ -61,10 +55,6 @@
     </style>
 </head>
 <body>
-    <iframe id="pad-iframe"></iframe>
-    <script>
-        document.getElementById('pad-iframe').setAttribute('src', 'inner.html?' + new Date().getTime());
-    </script>
+    <iframe id="pad-iframe"></iframe><script src="/common/noscriptfix.js"></script>
 </body>
 </html>
-
diff --git a/www/pad/main.js b/www/pad/main.js
index c3a746d14..28476dd68 100644
--- a/www/pad/main.js
+++ b/www/pad/main.js
@@ -293,7 +293,7 @@ define([
 
             var setName = module.setName = function (newName) {
                 if (typeof(newName) !== 'string') { return; }
-                var myUserNameTemp = Cryptpad.fixHTML(newName.trim());
+                var myUserNameTemp = newName.trim();
                 if(myUserNameTemp.length > 32) {
                     myUserNameTemp = myUserNameTemp.substr(0, 32);
                 }
@@ -524,13 +524,7 @@ define([
             };
 
             var getHTML = function (Dom) {
-                var data = inner.innerHTML;
-                Dom = Dom || (new DOMParser()).parseFromString(data,"text/html");
-                return ('<!DOCTYPE html>\n' +
-                    '<html>\n' +
-                    (typeof(Hyperjson.toString) === 'function'?
-                        Hyperjson.toString(Hyperjson.fromDOM(Dom.body)):
-                        Dom.head.outerHTML) + '\n');
+                return ('<!DOCTYPE html>\n' + '<html>\n' + inner.innerHTML);
             };
 
             var domFromHTML = function (html) {
@@ -732,7 +726,7 @@ define([
                 setEditable(false);
                 // TODO inform them that the session was torn down
                 toolbar.failed();
-                Cryptpad.alert(Messages.common_connectionLost);
+                Cryptpad.alert(Messages.common_connectionLost, undefined, true);
             };
 
             var onConnectionChange = realtimeOptions.onConnectionChange = function (info) {
@@ -743,7 +737,7 @@ define([
                     toolbar.reconnecting(info.myId);
                     Cryptpad.findOKButton().click();
                 } else {
-                    Cryptpad.alert(Messages.common_connectionLost);
+                    Cryptpad.alert(Messages.common_connectionLost, undefined, true);
                 }
             };
 
diff --git a/www/poll/index.html b/www/poll/index.html
index cdaf574f3..363cae7e6 100644
--- a/www/poll/index.html
+++ b/www/poll/index.html
@@ -11,11 +11,7 @@
         id="favicon" />
     <link rel="stylesheet" href="/bower_components/components-font-awesome/css/font-awesome.min.css">
     <link rel="stylesheet" href="/customize/main.css" />
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
-    <script> require.config({
-        waitSeconds: 60,
-        urlArgs: "bust=1.1.0",
-    }); </script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <style>
         html, body {
             width: 100%;
diff --git a/www/poll/main.js b/www/poll/main.js
index 69954b409..d7e391c8b 100644
--- a/www/poll/main.js
+++ b/www/poll/main.js
@@ -440,7 +440,7 @@ define([
 
     var setName = APP.setName = function (newName) {
         if (typeof(newName) !== 'string') { return; }
-        var myUserNameTemp = Cryptpad.fixHTML(newName.trim());
+        var myUserNameTemp = newName.trim();
         if(myUserNameTemp.length > 32) {
             myUserNameTemp = myUserNameTemp.substr(0, 32);
         }
@@ -662,7 +662,7 @@ define([
 
     var disconnect = function (info) {
         //setEditable(false); // TODO
-        Cryptpad.alert(Messages.common_connectionLost);
+        Cryptpad.alert(Messages.common_connectionLost, undefined, true);
     };
 
     var create = function (info) {
diff --git a/www/register/index.html b/www/register/index.html
index 0e427c3da..8c021f294 100644
--- a/www/register/index.html
+++ b/www/register/index.html
@@ -5,15 +5,9 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
     <title>Cryptpad: login</title>
     <link rel="stylesheet" href="/bower_components/components-font-awesome/css/font-awesome.min.css">
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <link rel="stylesheet" href="/customize/main.css" />
     <link rel="stylesheet" href="/bower_components/bootstrap/dist/css/bootstrap.min.css">
-    <script>
-        require.config({
-            waitSeconds: 60,
-            urlArgs: "bust=1.1.0",
-        });
-    </script>
 </head>
 <body class="html">
     <div id="cryptpadTopBar">
@@ -89,4 +83,3 @@
 
 </body>
 </html>
-
diff --git a/www/settings/index.html b/www/settings/index.html
index bbe122ed1..9122a535f 100644
--- a/www/settings/index.html
+++ b/www/settings/index.html
@@ -1,5 +1,6 @@
 <!DOCTYPE html>
 <html class="cp">
+<!-- If this file is not called customize.dist/src/template.html, it is generated -->
 <head>
     <title data-localization="main_title">Cryptpad: Zero Knowledge, Collaborative Real Time Editing</title>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
@@ -10,16 +11,8 @@
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
     <link rel="stylesheet" href="/bower_components/bootstrap/dist/css/bootstrap.min.css">
         <link rel="stylesheet" type="text/css" href="main.css" />
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
 
-
-    <script src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-            urlArgs: "bust=1.1.0",
-        });
-    </script>
 </head>
 <body class="html">
     <div id="cryptpadTopBar">
@@ -68,8 +61,7 @@
 
 
     <div id="mainBlock" class="hidden">
-        <script data-main="main" src="/bower_components/requirejs/require.js"></script>
-    <div id="container"></div>
+        <div id="container"></div>
 
     </div>
 
@@ -118,4 +110,3 @@
 
 </body>
 </html>
-
diff --git a/www/settings/main.js b/www/settings/main.js
index ab3330ccd..f886506b1 100644
--- a/www/settings/main.js
+++ b/www/settings/main.js
@@ -171,7 +171,7 @@ define([
                 }
                 obj.proxy.drive = Cryptpad.getStore().getEmptyObject();
                 Cryptpad.alert(Messages.settings_resetDone);
-            });
+            }, undefined, true);
         });
 
         return $div;
diff --git a/www/slide/index.html b/www/slide/index.html
index ca003a50b..30dac12e8 100644
--- a/www/slide/index.html
+++ b/www/slide/index.html
@@ -3,13 +3,7 @@
 <head>
     <title>CryptPad</title>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-            urlArgs: "bust=1.1.0",
-        });
-    </script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <link rel="icon" type="image/png"
         href="/customize/main-favicon.png"
 
@@ -52,11 +46,7 @@
 </head>
 <body>
     <div id="iframe-container">
-        <iframe id="pad-iframe"></iframe>
-        <script>
-            document.getElementById('pad-iframe').setAttribute('src', 'inner.html?' + new Date().getTime());
-        </script>
+        <iframe id="pad-iframe"></iframe><script src="/common/noscriptfix.js"></script>
     </div>
 </body>
 </html>
-
diff --git a/www/slide/main.js b/www/slide/main.js
index 86486227d..7127a38bf 100644
--- a/www/slide/main.js
+++ b/www/slide/main.js
@@ -138,7 +138,7 @@ define([
             Slide.setModal($modal, $content, $pad, ifrw, initialState);
 
             var enterPresentationMode = function (shouldLog) {
-                Slide.show(true, $textarea.val());
+                Slide.show(true, editor.getValue());
                 if (shouldLog) {
                     Cryptpad.log(Messages.presentSuccess);
                 }
@@ -530,13 +530,13 @@ define([
                         id: SLIDE_BACKCOLOR_ID,
                         'class': 'fa fa-square rightside-button',
                         'style': 'font-family: FontAwesome; color: #000;',
-                        title: Messages.backgroundButton + '\n' + Messages.backgroundButtonTitle
+                        title: Messages.backgroundButtonTitle
                     });
                     var $text = $('<button>', {
                         id: SLIDE_COLOR_ID,
                         'class': 'fa fa-i-cursor rightside-button',
                         'style': 'font-family: FontAwesome; font-weight: bold; color: #fff; background: #000;',
-                        title: Messages.colorButton + '\n' + Messages.colorButtonTitle
+                        title: Messages.colorButtonTitle
                     });
                     var $testColor = $('<input>', { type: 'color', value: '!' });
                     var $check = $pad.contents().find("#colorPicker_check");
@@ -771,7 +771,7 @@ define([
                 // inform of network disconnect
                 setEditable(false);
                 toolbar.failed();
-                Cryptpad.alert(Messages.common_connectionLost);
+                Cryptpad.alert(Messages.common_connectionLost, undefined, true);
             };
 
             var onConnectionChange = config.onConnectionChange = function (info) {
@@ -782,7 +782,7 @@ define([
                     toolbar.reconnecting(info.myId);
                     Cryptpad.findOKButton().click();
                 } else {
-                    Cryptpad.alert(Messages.common_connectionLost);
+                    Cryptpad.alert(Messages.common_connectionLost, undefined, true);
                 }
             };