diff --git a/.jshintignore b/.jshintignore
index aad5dea36..d465e02b9 100644
--- a/.jshintignore
+++ b/.jshintignore
@@ -11,3 +11,4 @@ www/common/hyperscript.js
 www/common/tippy.min.js
 
 www/pad/wysiwygarea-plugin.js
+www/pad2/wysiwygarea-plugin.js
diff --git a/bower.json b/bower.json
index 0880e56ef..9c88d0033 100644
--- a/bower.json
+++ b/bower.json
@@ -23,7 +23,7 @@
     "components-font-awesome": "^4.6.3",
     "ckeditor": "~4.7",
     "codemirror": "^5.19.0",
-    "requirejs": "2.1.15",
+    "requirejs": "2.3.5",
     "marked": "0.3.5",
     "rangy": "rangy-release#~1.3.0",
     "json.sortify": "~2.1.0",
@@ -40,6 +40,7 @@
     "less": "^2.7.2",
     "bootstrap": "#v4.0.0-alpha.6",
     "diff-dom": "2.1.1",
+    "nthen": "^0.1.5",
     "open-sans-fontface": "^1.4.2"
   }
 }
diff --git a/config.example.js b/config.example.js
index 7af6cf8af..1b28a5e89 100644
--- a/config.example.js
+++ b/config.example.js
@@ -2,6 +2,7 @@
 /*
     globals module
 */
+var domain = ' http://localhost:3000/';
 module.exports = {
 
     // the address you want to bind to, :: means all ipv4 and ipv6 addresses
@@ -18,14 +19,14 @@ module.exports = {
     httpHeaders: {
         "X-XSS-Protection": "1; mode=block",
         "X-Content-Type-Options": "nosniff",
-        'X-Frame-Options': 'SAMEORIGIN',
+        "Access-Control-Allow-Origin": "*"
     },
 
     contentSecurity: [
         "default-src 'none'",
-        "style-src 'unsafe-inline' 'self'",
-        "script-src 'self'",
-        "font-src 'self' data:",
+        "style-src 'unsafe-inline' 'self' " + domain,
+        "script-src 'self'" + domain,
+        "font-src 'self' data:" + domain,
 
         /*  child-src is used to restrict iframes to a set of allowed domains.
          *  connect-src is used to restrict what domains can connect to the websocket.
@@ -33,7 +34,7 @@ module.exports = {
          *  it is recommended that you configure these fields to match the
          *  domain which will serve your CryptPad instance.
          */
-        "child-src 'self' blob: *",
+        "child-src blob: *",
 
         "media-src * blob:",
 
@@ -41,30 +42,30 @@ module.exports = {
             if you are deploying to production, you'll probably want to remove
             the ws://* directive, and change '*' to your domain
          */
-        "connect-src 'self' ws: wss: blob:",
+        "connect-src 'self' ws: wss: blob:" + domain,
 
         // data: is used by codemirror
-        "img-src 'self' data: blob:",
+        "img-src 'self' data: blob:" + domain,
 
-        // for accounts.cryptpad.fr authentication
-        "frame-ancestors 'self' accounts.cryptpad.fr",
+        // for accounts.cryptpad.fr authentication and pad2 cross-domain iframe sandbox
+        "frame-ancestors *",
     ].join('; '),
 
     // CKEditor requires significantly more lax content security policy in order to function.
     padContentSecurity: [
         "default-src 'none'",
-        "style-src 'unsafe-inline' 'self'",
+        "style-src 'unsafe-inline' 'self'" + domain,
         // Unsafe inline, unsafe-eval are needed for ckeditor :(
-        "script-src 'self' 'unsafe-eval' 'unsafe-inline'",
-        "font-src 'self'",
+        "script-src 'self' 'unsafe-eval' 'unsafe-inline'" + domain,
+        "font-src 'self'" + domain,
 
         /*  See above under 'contentSecurity' as to how these values should be
          *  configured for best effect.
          */
-         "child-src 'self' *",
+         "child-src *",
 
         // see the comment above in the 'contentSecurity' section
-         "connect-src 'self' ws: wss:",
+         "connect-src 'self' ws: wss:" + domain,
 
         // (insecure remote) images are included by users of the wysiwyg who embed photos in their pads
         "img-src * blob:",
@@ -72,6 +73,13 @@ module.exports = {
 
     httpPort: 3000,
 
+    // This is for allowing the cross-domain iframe to function when developing
+    httpSafePort: 3001,
+
+    // This is for deployment in production, CryptPad uses a separate origin (domain) to host the
+    // cross-domain iframe. It can simply host the same content as CryptPad.
+    // httpSafeOrigin: "https://some-other-domain.xyz",
+
     /*  your server's websocket url is configurable
      *  (default: '/cryptpad_websocket')
      *
diff --git a/customize.dist/about.html b/customize.dist/about.html
index 03032969b..31d4c99f8 100644
--- a/customize.dist/about.html
+++ b/customize.dist/about.html
@@ -6,7 +6,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
 </head>
 <body class="html">
     <noscript>
diff --git a/customize.dist/bkabout.jpg b/customize.dist/bkabout.jpg
index 43de08268..01a51c176 100644
Binary files a/customize.dist/bkabout.jpg and b/customize.dist/bkabout.jpg differ
diff --git a/customize.dist/bkwhat.jpg b/customize.dist/bkwhat.jpg
new file mode 100644
index 000000000..3549f7acb
Binary files /dev/null and b/customize.dist/bkwhat.jpg differ
diff --git a/customize.dist/ckeditor-config.js b/customize.dist/ckeditor-config.js
index 019014299..ac7989294 100644
--- a/customize.dist/ckeditor-config.js
+++ b/customize.dist/ckeditor-config.js
@@ -27,7 +27,7 @@ CKEDITOR.editorConfig = function( config ) {
 
     config.font_defaultLabel = 'Arial';
     config.fontSize_defaultLabel = '16';
-    config.contentsCss = '/customize/ckeditor-contents.css';
+    config.contentsCss = '/customize/ckeditor-contents.css?' + CKEDITOR.CRYPTPAD_URLARGS;
 
     config.keystrokes = [
         [ CKEDITOR.ALT + 121 /*F10*/, 'toolbarFocus' ],
@@ -55,3 +55,16 @@ CKEDITOR.editorConfig = function( config ) {
     //skin: 'moono-dark,/pad/themes/moono-dark/'
     //skin: 'office2013,/pad/themes/office2013/'
 };
+
+(function () {
+    // These are overrides inside of ckeditor which add ?ver= to the CSS files so that
+    // every part of ckeditor will get in the browser cache.
+    var fix = function (x) {
+        if (x.map) { return x.map(fix); }
+        return (/\/bower_components\/.*\.css$/.test(x)) ? (x + '?ver=' + CKEDITOR.timestamp) : x;
+    };
+    CKEDITOR.tools._buildStyleHtml = CKEDITOR.tools.buildStyleHtml;
+    CKEDITOR.document._appendStyleSheet = CKEDITOR.document.appendStyleSheet;
+    CKEDITOR.tools.buildStyleHtml = function (x) { return CKEDITOR.tools._buildStyleHtml(fix(x)); };
+    CKEDITOR.document.appendStyleSheet = function (x) { return CKEDITOR.document._appendStyleSheet(fix(x)); };
+}());
\ No newline at end of file
diff --git a/customize.dist/contact.html b/customize.dist/contact.html
index 03032969b..31d4c99f8 100644
--- a/customize.dist/contact.html
+++ b/customize.dist/contact.html
@@ -6,7 +6,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
 </head>
 <body class="html">
     <noscript>
diff --git a/customize.dist/index.html b/customize.dist/index.html
index 03032969b..31d4c99f8 100644
--- a/customize.dist/index.html
+++ b/customize.dist/index.html
@@ -6,7 +6,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
 </head>
 <body class="html">
     <noscript>
diff --git a/customize.dist/pages.js b/customize.dist/pages.js
index 9e2759786..784fc007f 100644
--- a/customize.dist/pages.js
+++ b/customize.dist/pages.js
@@ -188,10 +188,10 @@ define([
                         h('h3', "Pierre Bondoerffer"),
                         h('hr'),
                         setHTML(h('div#bioPierre'), '<p>Resident CSS wizard and emoji extraordinaire, Pierre is passionate about anything related to technology. He loves to hack around computers and put parts together.<br/>He is currently studying at 42, where he learns about algorithms, networking, kernel programming and graphics.<br/>As a part of an internship, he joined XWiki SAS and worked on CryptPad to improve user experience. He also maintains the Spanish translation.</p>'),
-                        h('a.cp-soc-media', { href : 'https://twitter.com/cjdelisle'}, [
+                        h('a.cp-soc-media', { href : 'https://twitter.com/pbondoer'}, [
                                 h('i.fa.fa-twitter')
                             ]),
-                        h('a.cp-soc-media', { href : 'https://github.com/cjdelisle'}, [
+                        h('a.cp-soc-media', { href : 'https://github.com/pbondoer'}, [
                                 h('i.fa.fa-github')
                             ])
                     ]),
@@ -291,32 +291,54 @@ define([
     Pages['/what-is-cryptpad.html'] = function () {
         return h('div#cp-main', [
             infopageTopbar(),
+            h('div.container-fluid.cp-what-is',[
+                h('div.container',[
+                    h('div.row',[
+                        h('div.col-12.text-center', h('h1', Msg.whatis_title)),
+                    ]),
+                ]),
+            ]),
             h('div.container.cp-container', [
-                h('center', h('h1', Msg.whatis_title)),
-                setHTML(h('h2'), Msg.whatis_collaboration),
-                setHTML(h('p'), Msg.whatis_collaboration_p1),
-                h('img', { src: '/customize/images/pad_screenshot.png?' + urlArgs }),
-                setHTML(h('p'), Msg.whatis_collaboration_p2),
-                setHTML(h('p'), Msg.whatis_collaboration_p3),
-                setHTML(h('h2'), Msg.whatis_zeroknowledge),
-                h('div.row', [
-                    h('div.col-md-4.align-self-center', [
-                        h('img#zeroknowledge', { src: '/customize/images/zeroknowledge_small.png?' + urlArgs }),
+                h('div.row.align-items-center', [
+                    h('div.col-12.col-sm-12.col-md-12.col-lg-6', [
+                        setHTML(h('h2'), Msg.whatis_collaboration),
+                        setHTML(h('p'), Msg.whatis_collaboration_p1),
+                        setHTML(h('p'), Msg.whatis_collaboration_p2),
+                        setHTML(h('p'), Msg.whatis_collaboration_p3),
+                    ]),
+                    h('div.col-12.col-sm-12.col-md-12.col-lg-6', [
+                        h('img', { src: '/customize/images/pad_screenshot.png?' + urlArgs }),
                     ]),
-                    h('div.col-md-8', [
+                ]),
+                h('div.row.align-items-center', [
+                    h('div.col-12.col-sm-12.col-md-12.col-lg-6.push-lg-6', [
+                        setHTML(h('h2'), Msg.whatis_zeroknowledge),
                         setHTML(h('p'), Msg.whatis_zeroknowledge_p1),
                         setHTML(h('p'), Msg.whatis_zeroknowledge_p2),
                         setHTML(h('p'), Msg.whatis_zeroknowledge_p3),
                     ]),
+                    h('div.col-12.col-sm-12.col-md-12.col-lg-6.pull-lg-6', [
+                        h('img#zeroknowledge', { src: '/customize/images/zeroknowledge_small.png?' + urlArgs }),
+                    ]),
+                ]),
+                h('div.row.align-items-center', [
+                    h('div.col-12.col-sm-12.col-md-12.col-lg-6', [
+                        setHTML(h('h2'), Msg.whatis_drive),
+                        setHTML(h('p'), Msg.whatis_drive_p1),
+                        setHTML(h('p'), Msg.whatis_drive_p2),
+                        setHTML(h('p'), Msg.whatis_drive_p3),
+                    ]),
+                    h('div.col-12.col-sm-12.col-md-12.col-lg-6', [
+                        h('img', { src: '/customize/images/drive_screenshot.png?' + urlArgs }),
+                    ]),
+                ]),
+                h('div.row.align-items-center', [
+                    h('div.col-12', [
+                        setHTML(h('h2.text-center'), Msg.whatis_business),
+                        setHTML(h('p'), Msg.whatis_business_p1),
+                        setHTML(h('p'), Msg.whatis_business_p2),
+                    ]),
                 ]),
-                setHTML(h('h2'), Msg.whatis_drive),
-                setHTML(h('p'), Msg.whatis_drive_p1),
-                h('img', { src: '/customize/images/drive_screenshot.png?' + urlArgs }),
-                setHTML(h('p'), Msg.whatis_drive_p2),
-                setHTML(h('p'), Msg.whatis_drive_p3),
-                setHTML(h('h2'), Msg.whatis_business),
-                setHTML(h('p'), Msg.whatis_business_p1),
-                setHTML(h('p'), Msg.whatis_business_p2),
             ]),
             infopageFooter(),
         ]);
diff --git a/customize.dist/privacy.html b/customize.dist/privacy.html
index 03032969b..31d4c99f8 100644
--- a/customize.dist/privacy.html
+++ b/customize.dist/privacy.html
@@ -6,7 +6,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
 </head>
 <body class="html">
     <noscript>
diff --git a/customize.dist/src/less/toolbar.less b/customize.dist/src/less/toolbar.less
index 91afca6ae..cbbbd9dd2 100644
--- a/customize.dist/src/less/toolbar.less
+++ b/customize.dist/src/less/toolbar.less
@@ -56,7 +56,7 @@
     display: flex;
     overflow: visible;
     iframe {
-        height: auto;
+        height: 100%;
         width: 100%;
     }
 }
diff --git a/customize.dist/src/less2/pages/page-login.less b/customize.dist/src/less2/pages/page-login.less
index cbde08893..050064348 100644
--- a/customize.dist/src/less2/pages/page-login.less
+++ b/customize.dist/src/less2/pages/page-login.less
@@ -73,6 +73,6 @@
     }
 }
 .cp-container {
-	padding-top: 0;
+	padding-top: 3em;
 	min-height: 66vh;
 }
\ No newline at end of file
diff --git a/customize.dist/src/less2/pages/page-what-is-cryptpad.less b/customize.dist/src/less2/pages/page-what-is-cryptpad.less
index b57517a01..cf127e1ec 100644
--- a/customize.dist/src/less2/pages/page-what-is-cryptpad.less
+++ b/customize.dist/src/less2/pages/page-what-is-cryptpad.less
@@ -4,6 +4,40 @@
 .infopages_main();
 .infopages_topbar();
 
-img#zeroknowledge {
-	width: 100%;
+.cp-what-is {
+		padding-top: 3em;
+	    padding-bottom: 3em;
+	    background-image: url(/customize/bkwhat.jpg);
+	    background-size: cover;
+	    background-repeat: no-repeat;
+	    background-position: center;
+	    color: #fff;
+	    h1 {
+	    	font-weight: 700;
+	    }
 }
+#cp-main {
+	background: #fff;
+}
+.cp-container {
+	padding-top: 3em;
+	padding-bottom: 3em;
+	h2 {
+		margin-top: 0;
+		font-weight: 700;
+		color: @cryptpad_header_col;
+	}
+	p {
+		color: @cryptpad_text_col
+	}
+	#zeroknowledge {
+		width: 65%;
+	}
+	.row {
+		margin-bottom: 1.5em;
+	}
+	img {
+		display: block;
+		margin: 0 auto;
+	}
+}
\ No newline at end of file
diff --git a/customize.dist/src/template.html b/customize.dist/src/template.html
index 03032969b..31d4c99f8 100644
--- a/customize.dist/src/template.html
+++ b/customize.dist/src/template.html
@@ -6,7 +6,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
 </head>
 <body class="html">
     <noscript>
diff --git a/customize.dist/terms.html b/customize.dist/terms.html
index 03032969b..31d4c99f8 100644
--- a/customize.dist/terms.html
+++ b/customize.dist/terms.html
@@ -6,7 +6,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
 </head>
 <body class="html">
     <noscript>
diff --git a/customize.dist/what-is-cryptpad.html b/customize.dist/what-is-cryptpad.html
index 03032969b..31d4c99f8 100644
--- a/customize.dist/what-is-cryptpad.html
+++ b/customize.dist/what-is-cryptpad.html
@@ -6,7 +6,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
 </head>
 <body class="html">
     <noscript>
diff --git a/server.js b/server.js
index aed35c2fc..faab366f6 100644
--- a/server.js
+++ b/server.js
@@ -38,7 +38,8 @@ var setHeaders = (function () {
         if (headers['Content-Security-Policy'].indexOf('frame-ancestors') === -1) {
             // backward compat for those who do not merge the new version of the config
             // when updating. This prevents endless spinner if someone clicks donate.
-            headers['Content-Security-Policy'] += "frame-ancestors 'self' accounts.cryptpad.fr;";
+            // It also fixes the cross-domain iframe.
+            headers['Content-Security-Policy'] += "frame-ancestors *;";
         }
     }
     const padHeaders = clone(headers);
@@ -47,7 +48,7 @@ var setHeaders = (function () {
     }
     if (Object.keys(headers).length) {
         return function (req, res) {
-            const h = /^\/pad\/inner\.html.*/.test(req.url) ? padHeaders : headers;
+            const h = /^\/pad(2)?\/inner\.html.*/.test(req.url) ? padHeaders : headers;
             for (let header in h) { res.setHeader(header, h[header]); }
         };
     }
@@ -124,18 +125,29 @@ if (config.privKeyAndCertFiles) {
 app.get('/api/config', function(req, res){
     var host = req.headers.host.replace(/\:[0-9]+/, '');
     res.setHeader('Content-Type', 'text/javascript');
-    res.send('define(' + JSON.stringify({
-        requireConf: {
-            waitSeconds: 60,
-            urlArgs: 'ver=' + Package.version + (DEV_MODE? '-' + (+new Date()): ''),
-        },
-        removeDonateButton: (config.removeDonateButton === true),
-        allowSubscriptions: (config.allowSubscriptions === true),
-
-        websocketPath: config.useExternalWebsocket ? undefined : config.websocketPath,
-        websocketURL:'ws' + ((useSecureWebsockets) ? 's' : '') + '://' + host + ':' +
-            websocketPort + '/cryptpad_websocket',
-    }) + ');');
+    res.send('define(function(){\n' + [
+        'var obj = ' + JSON.stringify({
+            requireConf: {
+                waitSeconds: 60,
+                urlArgs: 'ver=' + Package.version + (DEV_MODE? '-' + (+new Date()): ''),
+            },
+            removeDonateButton: (config.removeDonateButton === true),
+            allowSubscriptions: (config.allowSubscriptions === true),
+            websocketPath: config.useExternalWebsocket ? undefined : config.websocketPath,
+            websocketURL:'ws' + ((useSecureWebsockets) ? 's' : '') + '://' + host + ':' +
+                websocketPort + '/cryptpad_websocket',
+        }, null, '\t'),
+        'obj.httpSafeOrigin = ' + (function () {
+            if (config.httpSafeOrigin) { return config.httpSafeOrigin; }
+            if (config.httpSafePort) {
+                return "(function () { return window.location.origin.replace(/\:[0-9]+$/, ':" +
+                    config.httpSafePort + "'); }())";
+            }
+            return 'window.location.origin';
+        }()),
+        'return obj',
+        '});'
+    ].join(';\n'));
 });
 
 var httpServer = httpsOpts ? Https.createServer(httpsOpts, app) : Http.createServer(app);
@@ -149,6 +161,9 @@ httpServer.listen(config.httpPort,config.httpAddress,function(){
 
     console.log('\n[%s] server available http://%s%s', new Date().toISOString(), hostName, ps);
 });
+if (config.httpSafePort) {
+    Http.createServer(app).listen(config.httpSafePort, config.httpAddress);
+}
 
 var wsConfig = { server: httpServer };
 
diff --git a/www/code/index.html b/www/code/index.html
index 539681839..0f8824bd4 100644
--- a/www/code/index.html
+++ b/www/code/index.html
@@ -5,7 +5,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <meta name="referrer" content="no-referrer" />
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
     <style>
         html, body {
             overflow-y: hidden;
diff --git a/www/code/inner.html b/www/code/inner.html
index 6a224ba7d..99bec8d08 100644
--- a/www/code/inner.html
+++ b/www/code/inner.html
@@ -3,7 +3,7 @@
 <head>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
-    <script async data-bootload="inner.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="inner.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
     <style> .loading-hidden { display: none; } </style>
 </head>
 <body class="loading-hidden">
diff --git a/www/common/boot2.js b/www/common/boot2.js
index 928b57d48..487eb8ae6 100644
--- a/www/common/boot2.js
+++ b/www/common/boot2.js
@@ -1,24 +1,8 @@
 // This is stage 1, it can be changed but you must bump the version of the project.
-define([], function () {
-    // fix up locations so that relative urls work.
-    require.config({
-        baseUrl: window.location.pathname,
-        paths: {
-            // jquery declares itself as literally "jquery" so it cannot be pulled by path :(
-            "jquery": "/bower_components/jquery/dist/jquery.min",
-            // json.sortify same
-            "json.sortify": "/bower_components/json.sortify/dist/JSON.sortify",
-            //"pdfjs-dist/build/pdf": "/bower_components/pdfjs-dist/build/pdf",
-            //"pdfjs-dist/build/pdf.worker": "/bower_components/pdfjs-dist/build/pdf.worker"
-            cm: '/bower_components/codemirror'
-        },
-        map: {
-            '*': {
-                'css': '/bower_components/require-css/css.js',
-                'less': '/common/RequireLess.js',
-            }
-        }
-    });
+define([
+    '/common/requireconfig.js'
+], function (RequireConfig) {
+    require.config(RequireConfig());
 
     // most of CryptPad breaks if you don't support isArray
     if (!Array.isArray) {
diff --git a/www/common/common-history.js b/www/common/common-history.js
index e29e95753..6dea29ab7 100644
--- a/www/common/common-history.js
+++ b/www/common/common-history.js
@@ -38,13 +38,13 @@ define([
         var parsed = config.href ? common.parsePadUrl(config.href) : {};
         var secret = common.getSecrets(parsed.type, parsed.hash);
 
-        History.readOnly = 1;
+        History.readOnly = 0;
         if (!secret.keys) {
             secret.keys = secret.key;
-            History.readOnly = 2;
+            History.readOnly = 0;
         }
         else if (!secret.keys.validateKey) {
-            History.readOnly = 0;
+            History.readOnly = 1;
         }
 
         var crypto = Crypto.createEncryptor(secret.keys);
@@ -203,7 +203,7 @@ define([
                 'class':'revertHistory buttonSuccess',
                 title: Messages.history_restoreTitle
             }).text(Messages.history_restore).appendTo($nav);
-            if (!History.readOnly) { $rev.hide(); }
+            if (History.readOnly) { $rev.hide(); }
 
             onUpdate = function () {
                 $cur.attr('max', states.length);
diff --git a/www/common/common-realtime.js b/www/common/common-realtime.js
index 5b0483008..216635514 100644
--- a/www/common/common-realtime.js
+++ b/www/common/common-realtime.js
@@ -9,38 +9,46 @@ define([
         AppConfig.badStateTimeout: 30000;
 
     var connected = false;
+    var intr;
+    var infiniteSpinnerHandlers = [];
 
     /*
         TODO make this not blow up when disconnected or lagging...
     */
-    common.whenRealtimeSyncs = function (realtime, cb) {
-        realtime.sync();
-
+    common.whenRealtimeSyncs = function (Cryptpad, realtime, cb) {
         window.setTimeout(function () {
             if (realtime.getAuthDoc() === realtime.getUserDoc()) {
                 return void cb();
+            } else {
+                realtime.onSettle(cb);
             }
 
-            var to = setTimeout(function () {
-                if (!connected) { return; }
+            if (intr) { return; }
+            intr = window.setInterval(function () {
+                var l;
+                try {
+                    l = realtime.getLag();
+                } catch (e) {
+                    throw new Error("ChainPad.getLag() does not exist, please `bower update`");
+                }
+                if (l.lag < BAD_STATE_TIMEOUT || !connected) { return; }
                 realtime.abort();
                 // don't launch more than one popup
                 if (common.infiniteSpinnerDetected) { return; }
+                infiniteSpinnerHandlers.forEach(function (ish) { ish(); });
 
                 // inform the user their session is in a bad state
-                common.confirm(Messages.realtime_unrecoverableError, function (yes) {
+                Cryptpad.confirm(Messages.realtime_unrecoverableError, function (yes) {
                     if (!yes) { return; }
                     window.location.reload();
                 });
                 common.infiniteSpinnerDetected = true;
-            }, BAD_STATE_TIMEOUT);
-            realtime.onSettle(function () {
-                clearTimeout(to);
-                cb();
-            });
+            }, 2000);
         }, 0);
     };
 
+    common.onInfiniteSpinner = function (f) { infiniteSpinnerHandlers.push(f); };
+
     common.setConnectionState = function (bool) {
         if (typeof(bool) !== 'boolean') { return; }
         connected = bool;
diff --git a/www/common/common-userlist2.js b/www/common/common-userlist2.js
new file mode 100644
index 000000000..e7f2449fa
--- /dev/null
+++ b/www/common/common-userlist2.js
@@ -0,0 +1,112 @@
+define(function () {
+    var module = {};
+
+    module.create = function (info, onLocal, Cryptget, Cryptpad) {
+        var exp = {};
+
+        var userData = exp.userData = {};
+        var userList = exp.userList = info.userList;
+        var myData = exp.myData = {};
+        exp.myUserName = info.myID;
+        exp.myNetfluxId = info.myID;
+
+        var network = Cryptpad.getNetwork();
+
+        var parsed = Cryptpad.parsePadUrl(window.location.href);
+        var appType = parsed ? parsed.type : undefined;
+
+        var addToUserData = exp.addToUserData = function(data) {
+            var users = userList.users;
+            for (var attrname in data) { userData[attrname] = data[attrname]; }
+
+            if (users && users.length) {
+                for (var userKey in userData) {
+                    if (users.indexOf(userKey) === -1) {
+                        delete userData[userKey];
+                    }
+                }
+            }
+
+            if(userList && typeof userList.onChange === "function") {
+                userList.onChange(userData);
+            }
+        };
+
+        exp.getToolbarConfig = function () {
+            return {
+                data: userData,
+                list: userList,
+                userNetfluxId: exp.myNetfluxId
+            };
+        };
+
+        var setName = exp.setName = function (newName, cb) {
+            if (typeof(newName) !== 'string') { return; }
+            var myUserNameTemp = newName.trim();
+            if(myUserNameTemp.length > 32) {
+              myUserNameTemp = myUserNameTemp.substr(0, 32);
+            }
+            exp.myUserName = myUserNameTemp;
+            myData = {};
+            myData[exp.myNetfluxId] = {
+                name: exp.myUserName,
+                uid: Cryptpad.getUid(),
+                avatar: Cryptpad.getAvatarUrl(),
+                profile: Cryptpad.getProfileUrl(),
+                curvePublic: Cryptpad.getProxy().curvePublic
+            };
+            addToUserData(myData);
+            /*Cryptpad.setAttribute('username', exp.myUserName, function (err) {
+                if (err) {
+                    console.log("Couldn't set username");
+                    console.error(err);
+                    return;
+                }
+                if (typeof cb === "function") { cb(); }
+            });*/
+            if (typeof cb === "function") { cb(); }
+        };
+
+        exp.getLastName = function ($changeNameButton, isNew) {
+            Cryptpad.getLastName(function (err, lastName) {
+                if (err) {
+                    console.log("Could not get previous name");
+                    console.error(err);
+                    return;
+                }
+                // Update the toolbar list:
+                // Add the current user in the metadata
+                if (typeof(lastName) === 'string') {
+                    setName(lastName, onLocal);
+                } else {
+                    myData[exp.myNetfluxId] = {
+                        name: "",
+                        uid: Cryptpad.getUid(),
+                        avatar: Cryptpad.getAvatarUrl(),
+                        profile: Cryptpad.getProfileUrl(),
+                        curvePublic: Cryptpad.getProxy().curvePublic
+                    };
+                    addToUserData(myData);
+                    onLocal();
+                    $changeNameButton.click();
+                }
+                if (isNew && appType) {
+                    Cryptpad.selectTemplate(appType, info.realtime, Cryptget);
+                }
+            });
+        };
+
+        Cryptpad.onDisplayNameChanged(function (newName) {
+            setName(newName, onLocal);
+        });
+
+        network.on('reconnect', function (uid) {
+            exp.myNetfluxId = uid;
+            exp.setName(exp.myUserName);
+        });
+
+        return exp;
+    };
+
+    return module;
+});
diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js
index 88ad0fde7..13dd0a903 100644
--- a/www/common/cryptpad-common.js
+++ b/www/common/cryptpad-common.js
@@ -132,7 +132,9 @@ define([
     common.initMessagingUI = Messaging.UI.init;
 
     // Realtime
-    var whenRealtimeSyncs = common.whenRealtimeSyncs = Realtime.whenRealtimeSyncs;
+    var whenRealtimeSyncs = common.whenRealtimeSyncs = function (realtime, cb) {
+        Realtime.whenRealtimeSyncs(common, realtime, cb);
+    };
 
     // Userlist
     common.createUserList = UserList.create;
@@ -198,10 +200,20 @@ define([
         }
         return '';
     };
+    common.getAccountName = function () {
+        return localStorage[common.userNameKey];
+    };
 
     var randomToken = function () {
         return Math.random().toString(16).replace(/0./, '');
     };
+
+    common.isFeedbackAllowed = function () {
+        try {
+            if (!getStore().getProxy().proxy.allowUserFeedback) { return; }
+            return true;
+        } catch (e) { return void console.error(e); }
+    };
     var feedback = common.feedback = function (action, force) {
         if (force !== true) {
             if (!action) { return; }
@@ -827,6 +839,13 @@ define([
         });
     };
 
+    // SFRAME: talk to anon_rpc from the iframe
+    common.anonRpcMsg = function (msg, data, cb) {
+        if (!msg) { return; }
+        if (!anon_rpc) { return void cb('ANON_RPC_NOT_READY'); }
+        anon_rpc.send(msg, data, cb);
+    };
+
     common.getFileSize = function (href, cb) {
         if (!anon_rpc) { return void cb('ANON_RPC_NOT_READY'); }
         //if (!pinsReady()) { return void cb('RPC_NOT_READY'); }
@@ -1030,6 +1049,41 @@ define([
         };
     };
 
+    // Forget button
+    var moveToTrash = common.moveToTrash = function (cb) {
+        var href = window.location.href;
+        common.forgetPad(href, function (err) {
+            if (err) {
+                console.log("unable to forget pad");
+                console.error(err);
+                cb(err, null);
+                return;
+            }
+            var n = getNetwork();
+            var r = getRealtime();
+            if (n && r) {
+                whenRealtimeSyncs(r, function () {
+                    n.disconnect();
+                    cb();
+                });
+            } else {
+                cb();
+            }
+        });
+    };
+    var saveAsTemplate = common.saveAsTemplate = function (Cryptput, data, cb) {
+        var p = parsePadUrl(window.location.href);
+        if (!p.type) { return; }
+        var hash = createRandomHash();
+        var href = '/' + p.type + '/#' + hash;
+        Cryptput(hash, data.toSave, function (e) {
+            if (e) { throw new Error(e); }
+            common.addTemplate(makePad(href, data.title));
+            whenRealtimeSyncs(getStore().getProxy().info.realtime, function () {
+                cb();
+            });
+        });
+    };
     common.createButton = function (type, rightside, data, callback) {
         var button;
         var size = "17px";
@@ -1118,17 +1172,12 @@ define([
                                     console.error("Parse error while setting the title", e);
                                 }
                             }
-                            var p = parsePadUrl(window.location.href);
-                            if (!p.type) { return; }
-                            var hash = createRandomHash();
-                            var href = '/' + p.type + '/#' + hash;
-                            data.Crypt.put(hash, toSave, function (e) {
-                                if (e) { throw new Error(e); }
-                                common.addTemplate(makePad(href, title));
-                                whenRealtimeSyncs(getStore().getProxy().info.realtime, function () {
-                                    common.alert(Messages.templateSaved);
-                                    common.feedback('TEMPLATE_CREATED');
-                                });
+                            saveAsTemplate(data.Crypt.put, {
+                                title: title,
+                                toSave: toSave
+                            }, function () {
+                                common.alert(Messages.templateSaved);
+                                common.feedback('TEMPLATE_CREATED');
                             });
                         };
                         common.prompt(Messages.saveTemplatePrompt, title || document.title, todo);
@@ -1151,29 +1200,14 @@ define([
                     button
                     .click(prepareFeedback(type))
                     .click(function() {
-                        var href = window.location.href;
                         var msg = isLoggedIn() ? Messages.forgetPrompt : Messages.fm_removePermanentlyDialog;
                         common.confirm(msg, function (yes) {
                             if (!yes) { return; }
-                            common.forgetPad(href, function (err) {
-                                if (err) {
-                                    console.log("unable to forget pad");
-                                    console.error(err);
-                                    callback(err, null);
-                                    return;
-                                }
-                                var n = getNetwork();
-                                var r = getRealtime();
-                                if (n && r) {
-                                    whenRealtimeSyncs(r, function () {
-                                        n.disconnect();
-                                        callback();
-                                    });
-                                } else {
-                                    callback();
-                                }
+                            moveToTrash(function (err) {
+                                if (err) { return void callback(err); }
                                 var cMsg = isLoggedIn() ? Messages.movedToTrash : Messages.deleted;
                                 common.alert(cMsg, undefined, true);
+                                callback();
                                 return;
                             });
                         });
@@ -1254,7 +1288,7 @@ define([
       }
       return arr;
     };
-    var getFirstEmojiOrCharacter = function (str) {
+    var getFirstEmojiOrCharacter = common.getFirstEmojiOrCharacter = function (str) {
       if (!str || !str.trim()) { return '?'; }
       var emojis = emojiStringToArray(str);
       return isEmoji(emojis[0])? emojis[0]: str[0];
@@ -1305,6 +1339,7 @@ define([
         'image/jpg',
         'image/gif',
     ];
+    // SFRAME: copied to sframe-common-interface.js
     common.displayAvatar = function ($container, href, name, cb) {
         var MutationObserver = window.MutationObserver;
         var displayDefault = function () {
@@ -1643,6 +1678,7 @@ define([
         return $block;
     };
 
+    // SFRAME: moved to sframe-common-interface.js
     common.createUserAdminMenu = function (config) {
         var $displayedName = $('<span>', {'class': config.displayNameCls || 'displayName'});
         var accountName = localStorage[common.userNameKey];
@@ -1792,6 +1828,27 @@ define([
         return $userAdmin;
     };
 
+    common.getShareHashes = function (secret, cb) {
+        if (!window.location.hash) {
+            var hashes = common.getHashes(secret.channel, secret);
+            return void cb(null, hashes);
+        }
+        common.getRecentPads(function (err, recent) {
+            var parsed = parsePadUrl(window.location.href);
+            if (!parsed.type || !parsed.hashData) { return void cb('E_INVALID_HREF'); }
+            var hashes = common.getHashes(secret.channel, secret);
+
+            // If we have a stronger version in drive, add it and add a redirect button
+            var stronger = recent && common.findStronger(null, recent);
+            if (stronger) {
+                var parsed2 = parsePadUrl(stronger);
+                hashes.editHash = parsed2.hash;
+            }
+
+            cb(null, hashes);
+        });
+    };
+
     var CRYPTPAD_VERSION = 'cryptpad-version';
     var updateLocalVersion = function () {
         // Check for CryptPad updates
diff --git a/www/common/loading.js b/www/common/loading.js
new file mode 100644
index 000000000..41c9365ff
--- /dev/null
+++ b/www/common/loading.js
@@ -0,0 +1,31 @@
+define([
+    'less!/customize/src/less/loading.less'
+], function () {
+    var urlArgs = window.location.href.replace(/^.*\?([^\?]*)$/, function (all, x) { return x; });
+    var elem = document.createElement('div');
+    elem.setAttribute('id', 'loading');
+    elem.innerHTML = [
+        '<div class="loadingContainer">',
+            '<img class="cryptofist" src="/customize/cryptpad-new-logo-colors-logoonly.png?' + urlArgs + '">',
+            '<div class="spinnerContainer">',
+                '<span class="fa fa-circle-o-notch fa-spin fa-4x fa-fw"></span>',
+            '</div>',
+            '<p id="cp-loading-message"></p>',
+        '</div>'
+    ].join('');
+    var intr;
+    var append = function () {
+        if (!document.body) { return; }
+        clearInterval(intr);
+        document.body.appendChild(elem);
+        require([
+            '/customize/messages.js',
+
+            'css!/bower_components/components-font-awesome/css/font-awesome.min.css',
+        ], function (Messages) {
+            document.getElementById('cp-loading-message').innerText = Messages.loading;
+        });
+    };
+    intr = setInterval(append, 100);
+    append();
+});
\ No newline at end of file
diff --git a/www/common/metadata-manager.js b/www/common/metadata-manager.js
new file mode 100644
index 000000000..fdba66dee
--- /dev/null
+++ b/www/common/metadata-manager.js
@@ -0,0 +1,139 @@
+define([], function () {
+    var UNINIT = 'uninitialized';
+    var create = function (sframeChan) {
+        var meta = UNINIT;
+        var members = [];
+        var metadataObj = UNINIT;
+        // This object reflects the metadata which is in the document at this moment.
+        // Normally when a person leaves the pad, everybody sees them leave and updates
+        // their metadata, this causes everyone to fight to change the document and
+        // operational transform doesn't like it. So this is a lazy object which is
+        // only updated either:
+        // 1. On changes to the metadata that come in from someone else
+        // 2. On changes connects, disconnects or changes to your own metadata
+        var metadataLazyObj = UNINIT;
+        var priv = {};
+        var dirty = true;
+        var changeHandlers = [];
+        var lazyChangeHandlers = [];
+        var titleChangeHandlers = [];
+
+        var rememberedTitle;
+
+        var checkUpdate = function (lazy) {
+            if (!dirty) { return; }
+            if (meta === UNINIT) { throw new Error(); }
+            if (metadataObj === UNINIT) {
+                metadataObj = {
+                    defaultTitle: meta.doc.defaultTitle,
+                    title: meta.doc.defaultTitle,
+                    type: meta.doc.type,
+                    users: {}
+                };
+                metadataLazyObj = JSON.parse(JSON.stringify(metadataObj));
+            }
+            if (!metadataObj.users) { metadataObj.users = {}; }
+            if (!metadataLazyObj.users) { metadataLazyObj.users = {}; }
+            var mdo = {};
+            // We don't want to add our user data to the object multiple times.
+            //var containsYou = false;
+            //console.log(metadataObj);
+            Object.keys(metadataObj.users).forEach(function (x) {
+                if (members.indexOf(x) === -1) { return; }
+                mdo[x] = metadataObj.users[x];
+                /*if (metadataObj.users[x].uid === meta.user.uid) {
+                    //console.log('document already contains you');
+                    containsYou = true;
+                }*/
+            });
+            //if (!containsYou) { mdo[meta.user.netfluxId] = meta.user; }
+            mdo[meta.user.netfluxId] = meta.user;
+            metadataObj.users = mdo;
+            var lazyUserStr = JSON.stringify(metadataLazyObj.users[meta.user.netfluxId]);
+            dirty = false;
+            if (lazy || lazyUserStr !== JSON.stringify(meta.user)) {
+                metadataLazyObj = JSON.parse(JSON.stringify(metadataObj));
+                lazyChangeHandlers.forEach(function (f) { f(); });
+            }
+
+            if (metadataObj.title !== rememberedTitle) {
+                console.log("Title update\n" + metadataObj.title + '\n');
+                rememberedTitle = metadataObj.title;
+                titleChangeHandlers.forEach(function (f) { f(metadataObj.title); });
+            }
+
+            changeHandlers.forEach(function (f) { f(); });
+        };
+        var change = function (lazy) {
+            dirty = true;
+            setTimeout(function () {
+                checkUpdate(lazy);
+            });
+        };
+
+        sframeChan.on('EV_METADATA_UPDATE', function (ev) {
+            meta = ev;
+            if (ev.priv) {
+                priv = ev.priv;
+            }
+            change(true);
+        });
+        sframeChan.on('EV_RT_CONNECT', function (ev) {
+            meta.user.netfluxId = ev.myID;
+            members = ev.members;
+            change(true);
+        });
+        sframeChan.on('EV_RT_JOIN', function (ev) {
+            members.push(ev);
+            change(false);
+        });
+        sframeChan.on('EV_RT_LEAVE', function (ev) {
+            var idx = members.indexOf(ev);
+            if (idx === -1) { console.log('Error: ' + ev + ' not in members'); return; }
+            members.splice(idx, 1);
+            change(false);
+        });
+        sframeChan.on('EV_RT_DISCONNECT', function () {
+            members = [];
+            change(true);
+        });
+
+        return Object.freeze({
+            updateMetadata: function (m) {
+                if (JSON.stringify(metadataObj) === JSON.stringify(m)) { return; }
+                metadataObj = JSON.parse(JSON.stringify(m));
+                metadataLazyObj = JSON.parse(JSON.stringify(m));
+                change(false);
+            },
+            updateTitle: function (t) {
+                metadataObj.title = t;
+                change(true);
+            },
+            getMetadata: function () {
+                checkUpdate(false);
+                return Object.freeze(JSON.parse(JSON.stringify(metadataObj)));
+            },
+            getMetadataLazy: function () {
+                return metadataLazyObj;
+            },
+            onTitleChange: function (f) { titleChangeHandlers.push(f); },
+            onChange: function (f) { changeHandlers.push(f); },
+            onChangeLazy: function (f) { lazyChangeHandlers.push(f); },
+            isConnected : function () {
+                return members.indexOf(meta.user.netfluxId) !== -1;
+            },
+            getViewers : function () {
+                checkUpdate(false);
+                var list = members.slice().filter(function (m) { return m.length === 32; });
+                return list.length - Object.keys(metadataObj.users).length;
+            },
+            getPrivateData : function () {
+                return priv;
+            },
+            getNetfluxId : function () {
+                return meta.user.netfluxId;
+            }
+        });
+    };
+    return Object.freeze({ create: create });
+});
diff --git a/www/common/notify.js b/www/common/notify.js
index 7942b3446..8f52d7c51 100644
--- a/www/common/notify.js
+++ b/www/common/notify.js
@@ -1,11 +1,4 @@
-(function () {
-    var Mod = function (ApiConfig) {
-        var requireConf;
-        if (ApiConfig && ApiConfig.requireConf) {
-            requireConf = ApiConfig.requireConf;
-        }
-        var urlArgs = typeof(requireConf.urlArgs) === 'string'? '?' + urlArgs: '';
-
+define(['/api/config'], function (ApiConfig) {
     var Module = {};
 
     var isSupported = Module.isSupported = function () {
@@ -48,8 +41,8 @@
         }
     };
 
-    var DEFAULT_MAIN = '/customize/main-favicon.png' + urlArgs;
-    var DEFAULT_ALT = '/customize/alt-favicon.png' + urlArgs;
+    var DEFAULT_MAIN = '/customize/main-favicon.png?' + ApiConfig.requireConf.urlArgs;
+    var DEFAULT_ALT = '/customize/alt-favicon.png?' + ApiConfig.requireConf.urlArgs;
 
     var createFavicon = function () {
         console.log("creating favicon");
@@ -117,14 +110,6 @@
             cancel: cancel,
         };
     };
-        return Module;
-    };
 
-    if (typeof(module) !== 'undefined' && module.exports) {
-        module.exports = Mod();
-    } else if ((typeof(define) !== 'undefined' && define !== null) && (define.amd !== null)) {
-        define(['/api/config'], Mod);
-    } else {
-        window.Visible = Mod();
-    }
-}());
+    return Module;
+});
\ No newline at end of file
diff --git a/www/common/requireconfig.js b/www/common/requireconfig.js
new file mode 100644
index 000000000..85258ea8b
--- /dev/null
+++ b/www/common/requireconfig.js
@@ -0,0 +1,27 @@
+define([
+    '/api/config'
+], function (ApiConfig) {
+    var out = {
+        // fix up locations so that relative urls work.
+        baseUrl: window.location.pathname,
+        paths: { 
+            // jquery declares itself as literally "jquery" so it cannot be pulled by path :(
+            "jquery": "/bower_components/jquery/dist/jquery.min",
+            // json.sortify same
+            "json.sortify": "/bower_components/json.sortify/dist/JSON.sortify",
+            //"pdfjs-dist/build/pdf": "/bower_components/pdfjs-dist/build/pdf",
+            //"pdfjs-dist/build/pdf.worker": "/bower_components/pdfjs-dist/build/pdf.worker"
+            cm: '/bower_components/codemirror'
+        },
+        map: {
+            '*': {
+                'css': '/bower_components/require-css/css.js',
+                'less': '/common/RequireLess.js',
+            }
+        }
+    };
+    Object.keys(ApiConfig.requireConf).forEach(function (k) { out[k] = ApiConfig.requireConf[k]; });
+    return function () {
+        return JSON.parse(JSON.stringify(out));
+    };
+});
diff --git a/www/common/sframe-boot.js b/www/common/sframe-boot.js
new file mode 100644
index 000000000..6ed56cfea
--- /dev/null
+++ b/www/common/sframe-boot.js
@@ -0,0 +1,30 @@
+// Stage 0, this gets cached which means we can't change it. boot2-sframe.js is changable.
+// Note that this file is meant to be executed only inside of a sandbox iframe.
+;(function () {
+var req = JSON.parse(decodeURIComponent(window.location.hash.substring(1)));
+req.cfg = req.cfg || {};
+if (req.pfx) {
+    req.cfg.onNodeCreated = function (node /*, config, module, path*/) {
+        node.setAttribute('src', req.pfx + node.getAttribute('src'));
+    };
+}
+require.config(req.cfg);
+var txid = Math.random().toString(16).replace('0.', '');
+var intr;
+var ready = function () {
+    intr = setInterval(function () {
+        if (typeof(txid) !== 'string') { return; }
+        window.parent.postMessage(JSON.stringify({ q: 'READY', txid: txid }), '*');
+    }, 1);
+};
+if (req.req) { require(req.req, ready); } else { ready(); }
+var onReply = function (msg) {
+    var data = JSON.parse(msg.data);
+    if (data.txid !== txid) { return; }
+    clearInterval(intr);
+    txid = {};
+    window.removeEventListener('message', onReply);
+    require(['/common/sframe-boot2.js'], function () { });
+};
+window.addEventListener('message', onReply);
+}());
\ No newline at end of file
diff --git a/www/common/sframe-boot2.js b/www/common/sframe-boot2.js
new file mode 100644
index 000000000..38395a21f
--- /dev/null
+++ b/www/common/sframe-boot2.js
@@ -0,0 +1,35 @@
+// This is stage 1, it can be changed but you must bump the version of the project.
+// Note: This must only be loaded from inside of a sandbox-iframe.
+define(['/common/requireconfig.js'], function (RequireConfig) {
+    require.config(RequireConfig());
+
+    // most of CryptPad breaks if you don't support isArray
+    if (!Array.isArray) {
+        Array.isArray = function(arg) { // CRYPTPAD_SHIM
+            return Object.prototype.toString.call(arg) === '[object Array]';
+        };
+    }
+
+    // In the event that someone clicks a link in the iframe, it's going to cause the iframe
+    // to navigate away from the pad which is going to be a mess. Instead we'll just reload
+    // the top level and then it will be simply that a link doesn't work properly.
+    window.onunload = function () {
+        window.parent.location.reload();
+    };
+
+    // Make sure anything which might have leaked to the localstorage is always cleaned up.
+    try { window.localStorage.clear(); } catch (e) { }
+    try { window.sessionStorage.clear(); } catch (e) { }
+
+    var mkFakeStore = function () {
+        var fakeStorage = {
+            getItem: function (k) { return fakeStorage[k]; },
+            setItem: function (k, v) { fakeStorage[k] = v; return v; }
+        };
+        return fakeStorage;
+    };
+    window.__defineGetter__('localStorage', function () { return mkFakeStore(); });
+    window.__defineGetter__('sessionStorage', function () { return mkFakeStore(); });
+
+    require([document.querySelector('script[data-bootload]').getAttribute('data-bootload')]);
+});
diff --git a/www/common/sframe-chainpad-netflux-inner.js b/www/common/sframe-chainpad-netflux-inner.js
new file mode 100644
index 000000000..04659fe17
--- /dev/null
+++ b/www/common/sframe-chainpad-netflux-inner.js
@@ -0,0 +1,101 @@
+/*
+ * Copyright 2014 XWiki SAS
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+define([
+    '/bower_components/chainpad/chainpad.dist.js'
+], function () {
+    var ChainPad = window.ChainPad;
+    var module = { exports: {} };
+
+    var verbose = function (x) { console.log(x); };
+    verbose = function () {}; // comment out to enable verbose logging
+
+    module.exports.start = function (config) {
+        var onConnectionChange = config.onConnectionChange || function () { };
+        var onRemote = config.onRemote || function () { };
+        var onInit = config.onInit || function () { };
+        var onLocal = config.onLocal || function () { };
+        var setMyID = config.setMyID || function () { };
+        var onReady = config.onReady || function () { };
+        var userName = config.userName;
+        var initialState = config.initialState;
+        var transformFunction = config.transformFunction;
+        var validateContent = config.validateContent;
+        var avgSyncMilliseconds = config.avgSyncMilliseconds;
+        var logLevel = typeof(config.logLevel) !== 'undefined'? config.logLevel : 1;
+        var readOnly = config.readOnly || false;
+        var sframeChan = config.sframeChan;
+        var metadataMgr = config.metadataMgr;
+        config = undefined;
+
+        var chainpad;
+        var myID;
+        var isReady = false;
+
+        sframeChan.on('EV_RT_DISCONNECT', function () {
+            isReady = false;
+            onConnectionChange({ state: false });
+        });
+        sframeChan.on('EV_RT_CONNECT', function (content) {
+            //content.members.forEach(userList.onJoin);
+            myID = content.myID;
+            isReady = false;
+            if (chainpad) {
+                // it's a reconnect
+                onConnectionChange({ state: true, myId: myID });
+                return;
+            }
+            chainpad = ChainPad.create({
+                userName: userName,
+                initialState: initialState,
+                transformFunction: transformFunction,
+                validateContent: validateContent,
+                avgSyncMilliseconds: avgSyncMilliseconds,
+                logLevel: logLevel
+            });
+            chainpad.onMessage(function(message, cb) {
+                sframeChan.query('Q_RT_MESSAGE', message, cb);
+            });
+            chainpad.onPatch(function () {
+                onRemote({ realtime: chainpad });
+            });
+            onInit({
+                myID: myID,
+                realtime: chainpad,
+                readOnly: readOnly
+            });
+        });
+        sframeChan.on('Q_RT_MESSAGE', function (content, cb) {
+            if (isReady) {
+                onLocal(); // should be onBeforeMessage
+            }
+            chainpad.message(content);
+            cb('OK');
+        });
+        sframeChan.on('EV_RT_READY', function () {
+            if (isReady) { return; }
+            isReady = true;
+            chainpad.start();
+            setMyID({ myID: myID });
+            onReady({ realtime: chainpad });
+        });
+        return Object.freeze({
+            getMyID: function () { return myID; },
+            metadataMgr: metadataMgr
+        });
+    };
+    return Object.freeze(module.exports);
+});
\ No newline at end of file
diff --git a/www/common/sframe-chainpad-netflux-outer.js b/www/common/sframe-chainpad-netflux-outer.js
new file mode 100644
index 000000000..54688c2e3
--- /dev/null
+++ b/www/common/sframe-chainpad-netflux-outer.js
@@ -0,0 +1,246 @@
+/*
+ * Copyright 2014 XWiki SAS
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+define([], function () {
+    var USE_HISTORY = true;
+
+    var verbose = function (x) { console.log(x); };
+    verbose = function () {}; // comment out to enable verbose logging
+
+    var unBencode = function (str) { return str.replace(/^\d+:/, ''); };
+
+    var start = function (conf) {
+        var channel = conf.channel;
+        var Crypto = conf.crypto;
+        var validateKey = conf.validateKey;
+        var readOnly = conf.readOnly || false;
+        var network = conf.network;
+        var sframeChan = conf.sframeChan;
+        var onConnect = conf.onConnect || function () { };
+        conf = undefined;
+
+        var initializing = true;
+        var lastKnownHash;
+
+        var queue = [];
+        var messageFromInner = function (m, cb) { queue.push([ m, cb ]); };
+        sframeChan.on('Q_RT_MESSAGE', function (message, cb) {
+            messageFromInner(message, cb);
+        });        
+
+        var onReady = function () {
+            // Trigger onReady only if not ready yet. This is important because the history keeper sends a direct
+            // message through "network" when it is synced, and it triggers onReady for each channel joined.
+            if (!initializing) { return; }
+            sframeChan.event('EV_RT_READY', null);
+            // we're fully synced
+            initializing = false;
+        };
+
+        // shim between chainpad and netflux
+        var msgIn = function (peerId, msg) {
+            msg = msg.replace(/^cp\|/, '');
+            try {
+                var decryptedMsg = Crypto.decrypt(msg, validateKey);
+                return decryptedMsg;
+            } catch (err) {
+                console.error(err);
+                return msg;
+            }
+        };
+
+        var msgOut = function (msg) {
+            if (readOnly) { return; }
+            try {
+                var cmsg = Crypto.encrypt(msg);
+                if (msg.indexOf('[4') === 0) { cmsg = 'cp|' + cmsg; }
+                return cmsg;
+            } catch (err) {
+                console.log(msg);
+                throw err;
+            }
+        };
+
+        var onMessage = function(peer, msg, wc, network, direct) {
+            // unpack the history keeper from the webchannel
+            var hk = network.historyKeeper;
+
+            if (direct && peer !== hk) {
+                return;
+            }
+            if (direct) {
+                var parsed = JSON.parse(msg);
+                if (parsed.validateKey && parsed.channel) {
+                    if (parsed.channel === wc.id && !validateKey) {
+                        validateKey = parsed.validateKey;
+                    }
+                    // We have to return even if it is not the current channel:
+                    // we don't want to continue with other channels messages here
+                    return;
+                }
+                if (parsed.state && parsed.state === 1 && parsed.channel) {
+                    if (parsed.channel === wc.id) {
+                        onReady(wc);
+                    }
+                    // We have to return even if it is not the current channel:
+                    // we don't want to continue with other channels messages here
+                    return;
+                }
+            }
+            // The history keeper is different for each channel :
+            // no need to check if the message is related to the current channel
+            if (peer === hk) {
+                // if the peer is the 'history keeper', extract their message
+                var parsed1 = JSON.parse(msg);
+                msg = parsed1[4];
+                // Check that this is a message for us
+                if (parsed1[3] !== wc.id) { return; }
+            }
+
+            lastKnownHash = msg.slice(0,64);
+            var message = msgIn(peer, msg);
+
+            verbose(message);
+
+            // slice off the bencoded header
+            // Why are we getting bencoded stuff to begin with?
+            // FIXME this shouldn't be necessary
+            message = unBencode(message);//.slice(message.indexOf(':[') + 1);
+
+            // pass the message into Chainpad
+            sframeChan.query('Q_RT_MESSAGE', message, function () { });
+        };
+
+        // We use an object to store the webchannel so that we don't have to push new handlers to chainpad
+        // and remove the old ones when reconnecting and keeping the same 'realtime' object
+        // See realtime.onMessage below: we call wc.bcast(...) but wc may change
+        var wcObject = {};
+        var onOpen = function(wc, network, firstConnection) {
+            wcObject.wc = wc;
+            channel = wc.id;
+
+            onConnect(wc);
+            onConnect = function () { };
+
+            // Add the existing peers in the userList
+            sframeChan.event('EV_RT_CONNECT', { myID: wc.myID, members: wc.members, readOnly: readOnly });
+
+            // Add the handlers to the WebChannel
+            wc.on('message', function (msg, sender) { //Channel msg
+                onMessage(sender, msg, wc, network);
+            });
+            wc.on('join', function (m) { sframeChan.event('EV_RT_JOIN', m); });
+            wc.on('leave', function (m) { sframeChan.event('EV_RT_LEAVE', m); });
+
+            if (firstConnection) {
+                // Sending a message...
+                messageFromInner = function(message, cb) {
+                    // Filter messages sent by Chainpad to make it compatible with Netflux
+                    message = msgOut(message);
+                    if (message) {
+                        // Do not remove wcObject, it allows us to use a new 'wc' without changing the handler if we
+                        // want to keep the same chainpad (realtime) object
+                        try {
+                            wcObject.wc.bcast(message).then(function() {
+                                cb();
+                            }, function(err) {
+                                // The message has not been sent, display the error.
+                                console.error(err);
+                            });
+                        } catch (e) {
+                            console.log(e);
+                            // Just skip calling back and it will fail on the inside.
+                        }
+                    }
+                };
+                queue.forEach(function (arr) { messageFromInner(arr[0], arr[1]); });
+            }
+
+            // Get the channel history
+            if (USE_HISTORY) {
+                var hk;
+
+                wc.members.forEach(function (p) {
+                    if (p.length === 16) { hk = p; }
+                });
+                network.historyKeeper = hk;
+
+                var msg = ['GET_HISTORY', wc.id];
+                // Add the validateKey if we are the channel creator and we have a validateKey
+                msg.push(validateKey);
+                msg.push(lastKnownHash);
+                if (hk) { network.sendto(hk, JSON.stringify(msg)); }
+            } else {
+                onReady(wc);
+            }
+        };
+
+        var isIntentionallyLeaving = false;
+        window.addEventListener("beforeunload", function () {
+            isIntentionallyLeaving = true;
+        });
+
+        var findChannelById = function (webChannels, channelId) {
+            var webChannel;
+
+            // Array.some terminates once a truthy value is returned
+            // best case is faster than forEach, though webchannel arrays seem
+            // to consistently have a length of 1
+            webChannels.some(function(chan) {
+                if(chan.id === channelId) { webChannel = chan; return true;}
+            });
+            return webChannel;
+        };
+
+        var connectTo = function (network, firstConnection) {
+            // join the netflux network, promise to handle opening of the channel
+            network.join(channel || null).then(function(wc) {
+                onOpen(wc, network, firstConnection);
+            }, function(error) {
+                console.error(error);
+            });
+        };
+
+        network.on('disconnect', function (reason) {
+            console.log('disconnect');
+            if (isIntentionallyLeaving) { return; }
+            if (reason === "network.disconnect() called") { return; }
+            sframeChan.event('EV_RT_DISCONNECT');
+        });
+
+        network.on('reconnect', function () {
+            initializing = true;
+            connectTo(network, false);
+        });
+
+        network.on('message', function (msg, sender) { // Direct message
+            var wchan = findChannelById(network.webChannels, channel);
+            if (wchan) {
+                onMessage(sender, msg, wchan, network, true);
+            }
+        });
+
+        connectTo(network, true);
+    };
+
+    return {
+        start: function (config) {
+            config.sframeChan.whenReg('EV_RT_READY', function () {
+                start(config);
+            });
+        }
+    };
+});
diff --git a/www/common/sframe-channel.js b/www/common/sframe-channel.js
new file mode 100644
index 000000000..6bfffb028
--- /dev/null
+++ b/www/common/sframe-channel.js
@@ -0,0 +1,141 @@
+// This file provides the API for the channel for talking to and from the sandbox iframe.
+define([
+    '/common/sframe-protocol.js'
+], function (SFrameProtocol) {
+
+    var mkTxid = function () {
+        return Math.random().toString(16).replace('0.', '') + Math.random().toString(16).replace('0.', '');
+    };
+
+    var create = function (ow, cb) {
+        var otherWindow;
+        var handlers = {};
+        var queries = {};
+
+        // list of handlers which are registered from the other side...
+        var insideHandlers = [];
+        var callWhenRegistered = {};
+
+        var chan = {};
+
+        // Send a query.  channel.query('Q_SOMETHING', { args: "whatever" }, function (reply) { ... });
+        chan.query = function (q, content, cb) {
+            if (!otherWindow) { throw new Error('not yet initialized'); }
+            if (!SFrameProtocol[q]) {
+                throw new Error('please only make queries are defined in sframe-protocol.js');
+            }
+            var txid = mkTxid();
+            var timeout = setTimeout(function () {
+                delete queries[txid];
+                console.log("Timeout making query " + q);
+            }, 30000);
+            queries[txid] = function (data, msg) {
+                clearTimeout(timeout);
+                delete queries[txid];
+                cb(undefined, data.content, msg);
+            };
+            otherWindow.postMessage(JSON.stringify({
+                txid: txid,
+                content: content,
+                q: q
+            }), '*');
+        };
+
+        // Fire an event.  channel.event('EV_SOMETHING', { args: "whatever" });
+        var event = chan.event = function (e, content) {
+            if (!otherWindow) { throw new Error('not yet initialized'); }
+            if (!SFrameProtocol[e]) {
+                throw new Error('please only fire events that are defined in sframe-protocol.js');
+            }
+            if (e.indexOf('EV_') !== 0) {
+                throw new Error('please only use events (starting with EV_) for event messages');
+            }
+            otherWindow.postMessage(JSON.stringify({ content: content, q: e }), '*');
+        };
+
+        // Be notified on query or event.  channel.on('EV_SOMETHING', function (args, reply) { ... });
+        // If the type is a query, your handler will be invoked with a reply function that takes
+        // one argument (the content to reply with).
+        chan.on = function (queryType, handler, quiet) {
+            if (!otherWindow && !quiet) { throw new Error('not yet initialized'); }
+            if (!SFrameProtocol[queryType]) {
+                throw new Error('please only register handlers which are defined in sframe-protocol.js');
+            }
+            (handlers[queryType] = handlers[queryType] || []).push(function (data, msg) {
+                handler(data.content, function (replyContent) {
+                    if (queryType.indexOf('Q_') !== 0) { throw new Error("replies to events are invalid"); }
+                    msg.source.postMessage(JSON.stringify({
+                        txid: data.txid,
+                        content: replyContent
+                    }), '*');
+                }, msg);
+            });
+            if (!quiet) {
+                event('EV_REGISTER_HANDLER', queryType);
+            }
+        };
+
+        // If a particular handler is registered, call the callback immediately, otherwise it will be called
+        // when that handler is first registered.
+        // channel.whenReg('Q_SOMETHING', function () { ...query Q_SOMETHING?... });
+        chan.whenReg = function (queryType, cb, always) {
+            if (!otherWindow) { throw new Error('not yet initialized'); }
+            if (!SFrameProtocol[queryType]) {
+                throw new Error('please only register handlers which are defined in sframe-protocol.js');
+            }
+            var reg = always;
+            if (insideHandlers.indexOf(queryType) > -1) {
+                cb();
+            } else {
+                reg = true;
+            }
+            if (reg) {
+                (callWhenRegistered[queryType] = callWhenRegistered[queryType] || []).push(cb);
+            }
+        };
+
+        // Same as whenReg except it will invoke every time there is another registration, not just once.
+        chan.onReg = function (queryType, cb) { chan.whenReg(queryType, cb, true); };
+
+        chan.on('EV_REGISTER_HANDLER', function (content) {
+            if (callWhenRegistered[content]) {
+                callWhenRegistered[content].forEach(function (f) { f(); });
+                delete callWhenRegistered[content];
+            }
+            insideHandlers.push(content);
+        }, true);
+
+        var txid;
+        window.addEventListener('message', function (msg) {
+            var data = JSON.parse(msg.data);
+            if (ow !== msg.source) {
+                console.log("DROP Message from unexpected source");
+                console.log(msg);
+            } else if (!otherWindow) {
+                otherWindow = ow;
+                ow.postMessage(JSON.stringify({ txid: data.txid }), '*');
+                cb(chan);
+            } else if (typeof(data.q) === 'string' && handlers[data.q]) {
+                handlers[data.q].forEach(function (f) {
+                    f(data || JSON.parse(msg.data), msg);
+                    data = undefined;
+                });
+            } else if (typeof(data.q) === 'undefined' && queries[data.txid]) {
+                queries[data.txid](data, msg);
+            } else if (data.txid === txid) {
+                // stray message from init
+                return;
+            } else {
+                console.log("DROP Unhandled message");
+                console.log(msg);
+            }
+        });
+        if (window !== window.top) {
+            // we're in the sandbox
+            otherWindow = ow;
+            cb(chan);
+        }
+    };
+
+    return { create: create };
+});
diff --git a/www/common/sframe-common-history.js b/www/common/sframe-common-history.js
new file mode 100644
index 000000000..e6c342b94
--- /dev/null
+++ b/www/common/sframe-common-history.js
@@ -0,0 +1,223 @@
+define([
+    'jquery',
+    '/bower_components/chainpad-json-validator/json-ot.js',
+    '/bower_components/chainpad/chainpad.dist.js',
+], function ($, JsonOT) {
+    var ChainPad = window.ChainPad;
+    var History = {};
+
+    var getStates = function (rt) {
+        var states = [];
+        var b = rt.getAuthBlock();
+        if (b) { states.unshift(b); }
+        while (b.getParent()) {
+            b = b.getParent();
+            states.unshift(b);
+        }
+        return states;
+    };
+
+    var loadHistory = function (config, common, cb) {
+        var createRealtime = function () {
+            return ChainPad.create({
+                userName: 'history',
+                initialState: '',
+                transformFunction: JsonOT.validate,
+                logLevel: 0,
+                noPrune: true
+            });
+        };
+        var realtime = createRealtime();
+
+        History.readOnly = common.getMetadataMgr().getPrivateData().readOnly;
+
+        var to = window.setTimeout(function () {
+            cb('[GET_FULL_HISTORY_TIMEOUT]');
+        }, 30000);
+
+        common.getFullHistory(realtime, function () {
+            window.clearTimeout(to);
+            cb(null, realtime);
+        });
+    };
+
+    History.create = function (common, config) {
+        if (!config.$toolbar) { return void console.error("config.$toolbar is undefined");}
+        if (History.loading) { return void console.error("History is already being loaded..."); }
+        History.loading = true;
+        var $toolbar = config.$toolbar;
+
+        if (!config.applyVal || !config.setHistory || !config.onLocal || !config.onRemote) {
+            throw new Error("Missing config element: applyVal, onLocal, onRemote, setHistory");
+        }
+
+        // config.setHistory(bool, bool)
+        // - bool1: history value
+        // - bool2: reset old content?
+        var render = function (val) {
+            if (typeof val === "undefined") { return; }
+            try {
+                config.applyVal(val);
+            } catch (e) {
+                // Probably a parse error
+                console.error(e);
+            }
+        };
+        var onClose = function () { config.setHistory(false, true); };
+        var onRevert = function () {
+            config.setHistory(false, false);
+            config.onLocal();
+            config.onRemote();
+        };
+        var onReady = function () {
+            config.setHistory(true);
+        };
+
+        var Messages = common.Messages;
+        var Cryptpad = common.getCryptpadCommon();
+
+        var realtime;
+
+        var states = [];
+        var c = states.length - 1;
+
+        var $hist = $toolbar.find('.cryptpad-toolbar-history');
+        var $left = $toolbar.find('.cryptpad-toolbar-leftside');
+        var $right = $toolbar.find('.cryptpad-toolbar-rightside');
+        var $cke = $toolbar.find('.cke_toolbox_main');
+
+        $hist.html('').show();
+        $left.hide();
+        $right.hide();
+        $cke.hide();
+
+        Cryptpad.spinner($hist).get().show();
+
+        var onUpdate;
+
+        var update = function () {
+            if (!realtime) { return []; }
+            states = getStates(realtime);
+            if (typeof onUpdate === "function") { onUpdate(); }
+            return states;
+        };
+
+        // Get the content of the selected version, and change the version number
+        var get = function (i) {
+            i = parseInt(i);
+            if (isNaN(i)) { return; }
+            if (i < 0) { i = 0; }
+            if (i > states.length - 1) { i = states.length - 1; }
+            var val = states[i].getContent().doc;
+            c = i;
+            if (typeof onUpdate === "function") { onUpdate(); }
+            $hist.find('.next, .previous').css('visibility', '');
+            if (c === states.length - 1) { $hist.find('.next').css('visibility', 'hidden'); }
+            if (c === 0) { $hist.find('.previous').css('visibility', 'hidden'); }
+            return val || '';
+        };
+
+        var getNext = function (step) {
+            return typeof step === "number" ? get(c + step) : get(c + 1);
+        };
+        var getPrevious = function (step) {
+            return typeof step === "number" ? get(c - step) : get(c - 1);
+        };
+
+        // Create the history toolbar
+        var display = function () {
+            $hist.html('');
+            var $prev =$('<button>', {
+                'class': 'previous fa fa-step-backward buttonPrimary',
+                title: Messages.history_prev
+            }).appendTo($hist);
+            var $nav = $('<div>', {'class': 'goto'}).appendTo($hist);
+            var $next = $('<button>', {
+                'class': 'next fa fa-step-forward buttonPrimary',
+                title: Messages.history_next
+            }).appendTo($hist);
+
+            $('<label>').text(Messages.history_version).appendTo($nav);
+            var $cur = $('<input>', {
+                'class' : 'gotoInput',
+                'type' : 'number',
+                'min' : '1',
+                'max' : states.length
+            }).val(c + 1).appendTo($nav).mousedown(function (e) {
+                // stopPropagation because the event would be cancelled by the dropdown menus
+                e.stopPropagation();
+            });
+            var $label2 = $('<label>').text(' / '+ states.length).appendTo($nav);
+            $('<br>').appendTo($nav);
+            var $close = $('<button>', {
+                'class':'closeHistory',
+                title: Messages.history_closeTitle
+            }).text(Messages.history_closeTitle).appendTo($nav);
+            var $rev = $('<button>', {
+                'class':'revertHistory buttonSuccess',
+                title: Messages.history_restoreTitle
+            }).text(Messages.history_restore).appendTo($nav);
+            if (History.readOnly) { $rev.hide(); }
+
+            onUpdate = function () {
+                $cur.attr('max', states.length);
+                $cur.val(c+1);
+                $label2.text(' / ' + states.length);
+            };
+
+            var close = function () {
+                $hist.hide();
+                $left.show();
+                $right.show();
+                $cke.show();
+            };
+
+            // Buttons actions
+            $prev.click(function () { render(getPrevious()); });
+            $next.click(function () { render(getNext()); });
+            $cur.keydown(function (e) {
+                var p = function () { e.preventDefault(); };
+                if (e.which === 13) { p(); return render( get($cur.val() - 1) ); } // Enter
+                if ([37, 40].indexOf(e.which) >= 0) { p(); return render(getPrevious()); } // Left
+                if ([38, 39].indexOf(e.which) >= 0) { p(); return render(getNext()); } // Right
+                if (e.which === 33) { p(); return render(getNext(10)); } // PageUp
+                if (e.which === 34) { p(); return render(getPrevious(10)); } // PageUp
+                if (e.which === 27) { p(); $close.click(); }
+            }).keyup(function (e) { e.stopPropagation(); }).focus();
+            $cur.on('change', function () {
+                render( get($cur.val() - 1) );
+            });
+            $close.click(function () {
+                states = [];
+                close();
+                onClose();
+            });
+            $rev.click(function () {
+                Cryptpad.confirm(Messages.history_restorePrompt, function (yes) {
+                    if (!yes) { return; }
+                    close();
+                    onRevert();
+                    Cryptpad.log(Messages.history_restoreDone);
+                });
+            });
+
+            // Display the latest content
+            render(get(c));
+        };
+
+        // Load all the history messages into a new chainpad object
+        loadHistory(config, common, function (err, newRt) {
+            History.loading = false;
+            if (err) { throw new Error(err); }
+            realtime = newRt;
+            update();
+            c = states.length - 1;
+            display();
+            onReady();
+        });
+    };
+
+    return History;
+});
+
+
diff --git a/www/common/sframe-common-interface.js b/www/common/sframe-common-interface.js
new file mode 100644
index 000000000..8f418bc46
--- /dev/null
+++ b/www/common/sframe-common-interface.js
@@ -0,0 +1,264 @@
+define([
+    'jquery',
+    '/common/cryptpad-common.js',
+    '/common/media-tag.js',
+], function ($, Cryptpad, MediaTag) {
+    var UI = {};
+    var Messages = Cryptpad.Messages;
+
+    /**
+     * Requirements from cryptpad-common.js
+     * getFileSize
+     *  - hrefToHexChannelId
+     * displayAvatar
+     *  - getFirstEmojiOrCharacter
+     *  - parsePadUrl
+     *  - getSecrets
+     *  - base64ToHex
+     *  - getBlobPathFromHex
+     *  - bytesToMegabytes
+     * createUserAdminMenu
+     *  - fixHTML
+     *  - createDropdown
+    */
+
+    UI.getFileSize = function (Common, href, cb) {
+        var channelId = Cryptpad.hrefToHexChannelId(href);
+        Common.sendAnonRpcMsg("GET_FILE_SIZE", channelId, function (data) {
+            if (!data) { return void cb("No response"); }
+            if (data.error) { return void cb(data.error); }
+            if (data.response && data.response.length && typeof(data.response[0]) === 'number') {
+                return void cb(void 0, data.response[0]);
+            } else {
+                cb('INVALID_RESPONSE');
+            }
+        });
+    };
+
+    UI.displayAvatar = function (Common, $container, href, name, cb) {
+        var MutationObserver = window.MutationObserver;
+        var displayDefault = function () {
+            var text = Cryptpad.getFirstEmojiOrCharacter(name);
+            var $avatar = $('<span>', {'class': 'default'}).text(text);
+            $container.append($avatar);
+            if (cb) { cb(); }
+        };
+
+        if (!href) { return void displayDefault(); }
+        var parsed = Cryptpad.parsePadUrl(href);
+        var secret = Cryptpad.getSecrets('file', parsed.hash);
+        if (secret.keys && secret.channel) {
+            var cryptKey = secret.keys && secret.keys.fileKeyStr;
+            var hexFileName = Cryptpad.base64ToHex(secret.channel);
+            var src = Cryptpad.getBlobPathFromHex(hexFileName);
+            UI.getFileSize(Common, href, function (e, data) {
+                if (e) {
+                    displayDefault();
+                    return void console.error(e);
+                }
+                if (typeof data !== "number") { return void displayDefault(); }
+                if (Cryptpad.bytesToMegabytes(data) > 0.5) { return void displayDefault(); }
+                var $img = $('<media-tag>').appendTo($container);
+                $img.attr('src', src);
+                $img.attr('data-crypto-key', 'cryptpad:' + cryptKey);
+                var observer = new MutationObserver(function(mutations) {
+                    mutations.forEach(function(mutation) {
+                        if (mutation.type === 'childList' && mutation.addedNodes.length) {
+                            if (mutation.addedNodes.length > 1 ||
+                                mutation.addedNodes[0].nodeName !== 'IMG') {
+                                $img.remove();
+                                return void displayDefault();
+                            }
+                            var $image = $img.find('img');
+                            var onLoad = function () {
+                                var img = new Image();
+                                img.onload = function () {
+                                    var w = img.width;
+                                    var h = img.height;
+                                    if (w>h) {
+                                        $image.css('max-height', '100%');
+                                        $img.css('flex-direction', 'column');
+                                        if (cb) { cb($img); }
+                                        return;
+                                    }
+                                    $image.css('max-width', '100%');
+                                    $img.css('flex-direction', 'row');
+                                    if (cb) { cb($img); }
+                                };
+                                img.src = $image.attr('src');
+                            };
+                            if ($image[0].complete) { onLoad(); }
+                            $image.on('load', onLoad);
+                        }
+                    });
+                });
+                observer.observe($img[0], {
+                    attributes: false,
+                    childList: true,
+                    characterData: false
+                });
+                MediaTag($img[0]);
+            });
+        }
+    };
+
+    UI.createUserAdminMenu = function (config) {
+        var Common = config.Common;
+        var metadataMgr = config.metadataMgr;
+
+        var displayNameCls = config.displayNameCls || 'displayName';
+        var $displayedName = $('<span>', {'class': displayNameCls});
+
+        var accountName = metadataMgr.getPrivateData().accountName;
+        var origin = metadataMgr.getPrivateData().origin;
+        var padType = metadataMgr.getMetadata().type;
+
+        var $userName = $('<span>', {'class': 'userDisplayName'});
+        var options = [];
+        if (config.displayNameCls) {
+            var $userAdminContent = $('<p>');
+            if (accountName) {
+                var $userAccount = $('<span>', {'class': 'userAccount'}).append(Messages.user_accountName + ': ' + Cryptpad.fixHTML(accountName));
+                $userAdminContent.append($userAccount);
+                $userAdminContent.append($('<br>'));
+            }
+            if (config.displayName) {
+                // Hide "Display name:" in read only mode
+                $userName.append(Messages.user_displayName + ': ');
+                $userName.append($displayedName);
+            }
+            $userAdminContent.append($userName);
+            options.push({
+                tag: 'p',
+                attributes: {'class': 'accountData'},
+                content: $userAdminContent.html()
+            });
+        }
+        if (padType !== 'drive') {
+            options.push({
+                tag: 'a',
+                attributes: {
+                    'target': '_blank',
+                    'href': origin+'/drive/'
+                },
+                content: Messages.login_accessDrive
+            });
+        }
+        // Add the change display name button if not in read only mode
+        if (config.changeNameButtonCls && config.displayChangeName) {
+            options.push({
+                tag: 'a',
+                attributes: {'class': config.changeNameButtonCls},
+                content: Messages.user_rename
+            });
+        }
+        if (accountName) {
+            options.push({
+                tag: 'a',
+                attributes: {'class': 'profile'},
+                content: Messages.profileButton
+            });
+        }
+        if (padType !== 'settings') {
+            options.push({
+                tag: 'a',
+                attributes: {'class': 'settings'},
+                content: Messages.settingsButton
+            });
+        }
+        // Add login or logout button depending on the current status
+        if (accountName) {
+            options.push({
+                tag: 'a',
+                attributes: {'class': 'logout'},
+                content: Messages.logoutButton
+            });
+        } else {
+            options.push({
+                tag: 'a',
+                attributes: {'class': 'login'},
+                content: Messages.login_login
+            });
+            options.push({
+                tag: 'a',
+                attributes: {'class': 'register'},
+                content: Messages.login_register
+            });
+        }
+        var $icon = $('<span>', {'class': 'fa fa-user-secret'});
+        //var $userbig = $('<span>', {'class': 'big'}).append($displayedName.clone());
+        var $userButton = $('<div>').append($icon);//.append($userbig);
+        if (accountName) {
+            $userButton = $('<div>').append(accountName);
+        }
+        /*if (account && config.displayNameCls) {
+            $userbig.append($('<span>', {'class': 'account-name'}).text('(' + accountName + ')'));
+        } else if (account) {
+            // If no display name, do not display the parentheses
+            $userbig.append($('<span>', {'class': 'account-name'}).text(accountName));
+        }*/
+        var dropdownConfigUser = {
+            text: $userButton.html(), // Button initial text
+            options: options, // Entries displayed in the menu
+            left: true, // Open to the left of the button
+            container: config.$initBlock, // optional
+            feedback: "USER_ADMIN",
+        };
+        var $userAdmin = Cryptpad.createDropdown(dropdownConfigUser);
+
+        var $displayName = $userAdmin.find('.'+displayNameCls);
+
+        var $avatar = $userAdmin.find('.buttonTitle');
+        var updateButton = function () {
+            var myData = metadataMgr.getMetadata().users[metadataMgr.getNetfluxId()];
+            if (!myData) { return; }
+            var newName = myData.name;
+            var url = myData.avatar;
+            $displayName.text(newName || Messages.anonymous);
+            if (accountName) {
+                $avatar.html('');
+                UI.displayAvatar(Common, $avatar, url, newName, function ($img) {
+                    if ($img) {
+                        $userAdmin.find('button').addClass('avatar');
+                    }
+                });
+            }
+        };
+        metadataMgr.onChange(updateButton);
+        updateButton();
+
+        $userAdmin.find('a.logout').click(function () {
+            Common.logout(function () {
+                window.top.location = origin+'/';
+            });
+        });
+        $userAdmin.find('a.settings').click(function () {
+            if (padType) {
+                window.open(origin+'/settings/');
+            } else {
+                window.top.location = origin+'/settings/';
+            }
+        });
+        $userAdmin.find('a.profile').click(function () {
+            if (padType) {
+                window.open(origin+'/profile/');
+            } else {
+                window.top.location = origin+'/profile/';
+            }
+        });
+        $userAdmin.find('a.login').click(function () {
+            Common.setLoginRedirect(function () {
+                window.top.location = origin+'/login/';
+            });
+        });
+        $userAdmin.find('a.register').click(function () {
+            Common.setLoginRedirect(function () {
+                window.top.location = origin+'/register/';
+            });
+        });
+
+        return $userAdmin;
+    };
+    
+    return UI;
+});
diff --git a/www/common/sframe-common-title.js b/www/common/sframe-common-title.js
new file mode 100644
index 000000000..20f5052ea
--- /dev/null
+++ b/www/common/sframe-common-title.js
@@ -0,0 +1,83 @@
+define(['jquery'], function ($) {
+    var module = {};
+
+    module.create = function (cfg, onLocal, Common, metadataMgr) {
+        var exp = {};
+
+        exp.defaultTitle = Common.getDefaultTitle();
+
+        exp.title = document.title;
+
+        cfg = cfg || {};
+
+        var getHeadingText = cfg.getHeadingText || function () { return; };
+
+/*        var updateLocalTitle = function (newTitle) {
+            console.error(newTitle);
+            exp.title = newTitle;
+            onLocal();
+            if (typeof cfg.updateLocalTitle === "function") {
+                cfg.updateLocalTitle(newTitle);
+            } else {
+                document.title = newTitle;
+            }
+        };*/
+
+        var $title;
+        exp.setToolbar = function (toolbar) {
+            $title = toolbar && toolbar.title;
+        };
+
+        exp.getTitle = function () { return exp.title; };
+        var isDefaultTitle = exp.isDefaultTitle = function (){return exp.title === exp.defaultTitle;};
+
+        var suggestTitle = exp.suggestTitle = function (fallback) {
+            if (isDefaultTitle()) {
+                return getHeadingText() || fallback || "";
+            } else {
+                var title = metadataMgr.getMetadata().title;
+                return title || getHeadingText() || exp.defaultTitle;
+            }
+        };
+
+        /*var renameCb = function (err, newTitle) {
+            if (err) { return; }
+            onLocal();
+            //updateLocalTitle(newTitle);
+        };*/
+
+        // update title: href is optional; if not specified, we use window.location.href
+        exp.updateTitle = function (newTitle, cb) {
+            cb = cb || $.noop;
+            if (newTitle === exp.title) { return; }
+            Common.updateTitle(newTitle, cb);
+        };
+
+        // TODO not needed?
+        /*exp.updateDefaultTitle = function (newDefaultTitle) {
+            exp.defaultTitle = newDefaultTitle;
+            if (!$title) { return; }
+            $title.find('input').attr("placeholder", exp.defaultTitle);
+        };*/
+
+        metadataMgr.onChange(function () {
+            var md = metadataMgr.getMetadata();
+            $title.find('span.title').text(md.title || md.defaultTitle);
+            $title.find('input').val(md.title || md.defaultTitle);
+            //exp.updateTitle(md.title || md.defaultTitle);
+        });
+
+        exp.getTitleConfig = function () {
+            return {
+                updateTitle: exp.updateTitle,
+                suggestName: suggestTitle,
+                defaultName: exp.defaultTitle
+            };
+        };
+
+        return exp;
+    };
+
+    return module;
+});
+
diff --git a/www/common/sframe-common.js b/www/common/sframe-common.js
new file mode 100644
index 000000000..8c0b07a15
--- /dev/null
+++ b/www/common/sframe-common.js
@@ -0,0 +1,303 @@
+define([
+    'jquery',
+    '/bower_components/nthen/index.js',
+    '/customize/messages.js',
+    '/common/sframe-chainpad-netflux-inner.js',
+    '/common/sframe-channel.js',
+    '/common/sframe-common-title.js',
+    '/common/sframe-common-interface.js',
+    '/common/sframe-common-history.js',
+    '/common/metadata-manager.js',
+
+    '/customize/application_config.js',
+    '/common/cryptpad-common.js',
+    '/common/common-realtime.js'
+], function ($, nThen, Messages, CpNfInner, SFrameChannel, Title, UI, History, MetadataMgr,
+    AppConfig, Cryptpad, CommonRealtime) {
+
+    // Chainpad Netflux Inner
+    var funcs = {};
+    var ctx = {};
+
+    funcs.Messages = Messages;
+
+    funcs.startRealtime = function (options) {
+        if (ctx.cpNfInner) { return ctx.cpNfInner; }
+        options.sframeChan = ctx.sframeChan;
+        options.metadataMgr = ctx.metadataMgr;
+        ctx.cpNfInner = CpNfInner.start(options);
+        ctx.cpNfInner.metadataMgr.onChangeLazy(options.onLocal);
+        return ctx.cpNfInner;
+    };
+
+    funcs.getMetadataMgr = function () {
+        return ctx.metadataMgr;
+    };
+    funcs.getCryptpadCommon = function () {
+        return Cryptpad;
+    };
+
+    var isLoggedIn = funcs.isLoggedIn = function () {
+        if (!ctx.cpNfInner) { throw new Error("cpNfInner is not ready!"); }
+        return ctx.cpNfInner.metadataMgr.getPrivateData().accountName;
+    };
+
+    var titleUpdated;
+    funcs.updateTitle = function (title, cb) {
+        ctx.metadataMgr.updateTitle(title);
+        titleUpdated = cb;
+    };
+
+    // UI
+    funcs.createUserAdminMenu = UI.createUserAdminMenu;
+    funcs.displayAvatar = UI.displayAvatar;
+
+    // History
+    funcs.getHistory = function (config) { return History.create(funcs, config); };
+
+    // Title module
+    funcs.createTitle = Title.create;
+
+    funcs.getDefaultTitle = function () {
+        if (!ctx.cpNfInner) { throw new Error("cpNfInner is not ready!"); }
+        return ctx.cpNfInner.metadataMgr.getMetadata().defaultTitle;
+    };
+
+    funcs.setDisplayName = function (name, cb) {
+        ctx.sframeChan.query('Q_SETTINGS_SET_DISPLAY_NAME', name, function (err) {
+            if (cb) { cb(err); }
+        });
+    };
+
+    funcs.logout = function (cb) {
+        ctx.sframeChan.query('Q_LOGOUT', null, function (err) {
+            if (cb) { cb(err); }
+        });
+    };
+
+    funcs.setLoginRedirect = function (cb) {
+        ctx.sframeChan.query('Q_SET_LOGIN_REDIRECT', null, function (err) {
+            if (cb) { cb(err); }
+        });
+    };
+
+    funcs.sendAnonRpcMsg = function (msg, content, cb) {
+        ctx.sframeChan.query('Q_ANON_RPC_MESSAGE', {
+            msg: msg,
+            content: content
+        }, function (err, data) {
+            if (cb) { cb(data); }
+        });
+    };
+
+    funcs.isOverPinLimit = function (cb) {
+        ctx.sframeChan.query('Q_GET_PIN_LIMIT_STATUS', null, function (err, data) {
+            cb(data.error, data.overLimit, data.limits);
+        });
+    };
+
+    funcs.getFullHistory = function (realtime, cb) {
+        ctx.sframeChan.on('EV_RT_HIST_MESSAGE', function (content) {
+            realtime.message(content);
+        });
+        ctx.sframeChan.query('Q_GET_FULL_HISTORY', null, cb);
+    };
+
+    funcs.feedback = function (action, force) {
+        if (force !== true) {
+            if (!action) { return; }
+            try {
+                if (!ctx.metadataMgr.getPrivateData().feedbackAllowed) { return; }
+            } catch (e) { return void console.error(e); }
+        }
+        var randomToken = Math.random().toString(16).replace(/0./, '');
+        //var origin = ctx.metadataMgr.getPrivateData().origin;
+        var href = /*origin +*/ '/common/feedback.html?' + action + '=' + randomToken;
+        $.ajax({
+            type: "HEAD",
+            url: href,
+        });
+    };
+    var prepareFeedback = function (key) {
+        if (typeof(key) !== 'string') { return $.noop; }
+
+        var type = ctx.metadataMgr.getMetadata().type;
+        return function () {
+            funcs.feedback((key + (type? '_' + type: '')).toUpperCase());
+        };
+    };
+
+    // BUTTONS
+    var isStrongestStored = function () {
+        var data = ctx.metadataMgr.getPrivateData();
+        return !data.readOnly || !data.availableHashes.editHash;
+    };
+    funcs.createButton = function (type, rightside, data, callback) {
+        var button;
+        var size = "17px";
+        switch (type) {
+            case 'export':
+                button = $('<button>', {
+                    'class': 'fa fa-download',
+                    title: Messages.exportButtonTitle,
+                }).append($('<span>', {'class': 'drawer'}).text(Messages.exportButton));
+
+                button.click(prepareFeedback(type));
+                if (callback) {
+                    button.click(callback);
+                }
+                break;
+            case 'import':
+                button = $('<button>', {
+                    'class': 'fa fa-upload',
+                    title: Messages.importButtonTitle,
+                }).append($('<span>', {'class': 'drawer'}).text(Messages.importButton));
+                if (callback) {
+                    button
+                    .click(prepareFeedback(type))
+                    .click(Cryptpad.importContent('text/plain', function (content, file) {
+                        callback(content, file);
+                    }, {accept: data ? data.accept : undefined}));
+                }
+                break;
+            case 'template':
+                if (!AppConfig.enableTemplates) { return; }
+                button = $('<button>', {
+                    title: Messages.saveTemplateButton,
+                }).append($('<span>', {'class':'fa fa-bookmark', style: 'font:'+size+' FontAwesome'}));
+                if (data.rt) {
+                    button
+                    .click(function () {
+                        var title = data.getTitle() || document.title;
+                        var todo = function (val) {
+                            if (typeof(val) !== "string") { return; }
+                            var toSave = data.rt.getUserDoc();
+                            if (val.trim()) {
+                                val = val.trim();
+                                title = val;
+                                try {
+                                    var parsed = JSON.parse(toSave);
+                                    var meta;
+                                    if (Array.isArray(parsed) && typeof(parsed[3]) === "object") {
+                                        meta = parsed[3].metadata; // pad
+                                    } else if (parsed.info) {
+                                        meta = parsed.info; // poll
+                                    } else {
+                                        meta = parsed.metadata;
+                                    }
+                                    if (typeof(meta) === "object") {
+                                        meta.title = val;
+                                        meta.defaultTitle = val;
+                                        delete meta.users;
+                                    }
+                                    toSave = JSON.stringify(parsed);
+                                } catch(e) {
+                                    console.error("Parse error while setting the title", e);
+                                }
+                            }
+                            ctx.sframeChan.query('Q_SAVE_AS_TEMPLATE', {
+                                title: title,
+                                toSave: toSave
+                            }, function () {
+                                Cryptpad.alert(Messages.templateSaved);
+                                funcs.feedback('TEMPLATE_CREATED');
+                            });
+                        };
+                        Cryptpad.prompt(Messages.saveTemplatePrompt, title, todo);
+                    });
+                }
+                break;
+            case 'forget':
+                button = $('<button>', {
+                    id: 'cryptpad-forget',
+                    title: Messages.forgetButtonTitle,
+                    'class': "fa fa-trash cryptpad-forget",
+                    style: 'font:'+size+' FontAwesome'
+                });
+                if (!isStrongestStored()) {
+                    button.addClass('hidden');
+                }
+                if (callback) {
+                    button
+                    .click(prepareFeedback(type))
+                    .click(function() {
+                        var msg = isLoggedIn() ? Messages.forgetPrompt : Messages.fm_removePermanentlyDialog;
+                        Cryptpad.confirm(msg, function (yes) {
+                            if (!yes) { return; }
+                            ctx.sframeChan.query('Q_MOVE_TO_TRASH', null, function (err) {
+                                if (err) { return void callback(err); }
+                                var cMsg = isLoggedIn() ? Messages.movedToTrash : Messages.deleted;
+                                Cryptpad.alert(cMsg, undefined, true);
+                                callback();
+                                return;
+                            });
+                        });
+
+                    });
+                }
+                break;
+            case 'history':
+                if (!AppConfig.enableHistory) {
+                    button = $('<span>');
+                    break;
+                }
+                button = $('<button>', {
+                    title: Messages.historyButton,
+                    'class': "fa fa-history history",
+                }).append($('<span>', {'class': 'drawer'}).text(Messages.historyText));
+                if (data.histConfig) {
+                    button
+                    .click(prepareFeedback(type))
+                    .on('click', function () {
+                        funcs.getHistory(data.histConfig);
+                    });
+                }
+                break;
+            case 'more':
+                button = $('<button>', {
+                    title: Messages.moreActions || 'TODO',
+                    'class': "drawer-button fa fa-ellipsis-h",
+                    style: 'font:'+size+' FontAwesome'
+                });
+                break;
+            default:
+                button = $('<button>', {
+                    'class': "fa fa-question",
+                    style: 'font:'+size+' FontAwesome'
+                })
+                .click(prepareFeedback(type));
+        }
+        if (rightside) {
+            button.addClass('rightside-button');
+        }
+        return button;
+        
+    };
+/*    funcs.storeLinkToClipboard = function (readOnly, cb) {
+        ctx.sframeChan.query('Q_STORE_LINK_TO_CLIPBOARD', readOnly, function (err) {
+            if (cb) { cb(err); }
+        });
+    };
+*/
+    
+    Object.freeze(funcs);
+    return { create: function (cb) {
+        nThen(function (waitFor) {
+            SFrameChannel.create(window.top, waitFor(function (sfc) { ctx.sframeChan = sfc; }));
+            // CpNfInner.start() should be here....
+        }).nThen(function () {
+            ctx.metadataMgr = MetadataMgr.create(ctx.sframeChan);
+            ctx.metadataMgr.onTitleChange(function (title) {
+                ctx.sframeChan.query('Q_SET_PAD_TITLE_IN_DRIVE', title, function (err) {
+                    if (err) { return; }
+                    if (titleUpdated) { titleUpdated(undefined, title); }
+                });
+            });
+
+            ctx.sframeChan.on('EV_RT_CONNECT', function () { CommonRealtime.setConnectionState(true); });
+            ctx.sframeChan.on('EV_RT_DISCONNECT', function () { CommonRealtime.setConnectionState(false); });
+
+            cb(funcs);
+        });
+    } };
+});
diff --git a/www/common/sframe-protocol.js b/www/common/sframe-protocol.js
new file mode 100644
index 000000000..7b0a41222
--- /dev/null
+++ b/www/common/sframe-protocol.js
@@ -0,0 +1,77 @@
+// This file defines all of the RPC calls which are used between the inner and outer iframe.
+// Define *querys* (which expect a response) using Q_<query name>
+// Define *events* (which expect no response) using EV_<event name>
+// Please document the queries and events you create, and please please avoid making generic
+// "do stuff" events/queries which are used for many different things because it makes the
+// protocol unclear.
+//
+// WARNING: At this point, this protocol is still EXPERIMENTAL. This is not it's final form.
+//   We need to define protocol one piece at a time and then when we are satisfied that we
+//   fully understand the problem, we will define the *right* protocol and this file will be dynomited.
+//
+define({
+    // When the iframe first launches, this query is sent repeatedly by the controller
+    // to wait for it to awake and give it the requirejs config to use.
+    'Q_INIT': true,
+
+    // When either the outside or inside registers a query handler, this is sent.
+    'EV_REGISTER_HANDLER': true,
+
+    // Realtime events called from the outside.
+    // When someone joins the pad, argument is a string with their netflux id.
+    'EV_RT_JOIN': true,
+    // When someone leaves the pad, argument is a string with their netflux id.
+    'EV_RT_LEAVE': true,
+    // When you have been disconnected, no arguments.
+    'EV_RT_DISCONNECT': true,
+    // When you have connected, argument is an object with myID: string, members: list, readOnly: boolean.
+    'EV_RT_CONNECT': true,
+    // Called after the history is finished synchronizing, no arguments.
+    'EV_RT_READY': true,
+    // Called from both outside and inside, argument is a (string) chainpad message.
+    'Q_RT_MESSAGE': true,
+
+    // Called from the outside, this informs the inside whenever the user's data has been changed.
+    // The argument is the object representing the content of the user profile minus the netfluxID
+    // which changes per-reconnect.
+    'EV_METADATA_UPDATE': true,
+
+    // Takes one argument only, the title to set for the CURRENT pad which the user is looking at.
+    // This changes the pad title in drive ONLY, the pad title needs to be changed inside of the
+    // iframe and synchronized with the other users. This will not trigger a EV_METADATA_UPDATE
+    // because the metadata contained in EV_METADATA_UPDATE does not contain the pad title.
+    'Q_SET_PAD_TITLE_IN_DRIVE': true,
+
+    // Update the user's display-name which will be shown to contacts and people in the same pads.
+    'Q_SETTINGS_SET_DISPLAY_NAME': true,
+
+    // Log the user out in all the tabs
+    'Q_LOGOUT': true,
+
+    // When moving to the login or register page from a pad, we need to redirect to that pad at the
+    // end of the login process. This query set the current href to the sessionStorage.
+    'Q_SET_LOGIN_REDIRECT': true,
+
+    // Store the editing or readonly link of the current pad to the clipboard (share button).
+    'Q_STORE_LINK_TO_CLIPBOARD': true,
+
+    // Use anonymous rpc from inside the iframe (for avatars & pin usage).
+    'Q_ANON_RPC_MESSAGE': true,
+
+    // Check the pin limit to determine if we can store the pad in the drive or if we should.
+    // display a warning
+    'Q_GET_PIN_LIMIT_STATUS': true,
+
+    // Move a pad to the trash when using the forget button.
+    'Q_MOVE_TO_TRASH': true,
+
+    // Request the full history from the server when the users clicks on the history button.
+    // Callback is called when the FULL_HISTORY_END message is received in the outside.
+    'Q_GET_FULL_HISTORY': true,
+    // When a (full) history message is received from the server.
+    'EV_RT_HIST_MESSAGE': true,
+
+    // Save a pad as a template using the toolbar button
+    'Q_SAVE_AS_TEMPLATE': true,
+
+});
diff --git a/www/common/toolbar3.js b/www/common/toolbar3.js
new file mode 100644
index 000000000..970dc4c53
--- /dev/null
+++ b/www/common/toolbar3.js
@@ -0,0 +1,999 @@
+define([
+    'jquery',
+    '/customize/application_config.js',
+    '/api/config',
+], function ($, Config, ApiConfig) {
+    var Messages = {};
+    var Cryptpad;
+    var Common;
+
+    var Bar = {
+        constants: {},
+    };
+
+    var SPINNER_DISAPPEAR_TIME = 1000;
+
+    // Toolbar parts
+    var TOOLBAR_CLS = Bar.constants.toolbar = 'cryptpad-toolbar';
+    var TOP_CLS = Bar.constants.top = 'cryptpad-toolbar-top';
+    var LEFTSIDE_CLS = Bar.constants.leftside = 'cryptpad-toolbar-leftside';
+    var RIGHTSIDE_CLS = Bar.constants.rightside = 'cryptpad-toolbar-rightside';
+    var DRAWER_CLS = Bar.constants.drawer = 'drawer-content';
+    var HISTORY_CLS = Bar.constants.history = 'cryptpad-toolbar-history';
+
+    // Userlist
+    var USERLIST_CLS = Bar.constants.userlist = "cryptpad-dropdown-users";
+    var EDITSHARE_CLS = Bar.constants.editShare = "cryptpad-dropdown-editShare";
+    var VIEWSHARE_CLS = Bar.constants.viewShare = "cryptpad-dropdown-viewShare";
+    var SHARE_CLS = Bar.constants.viewShare = "cryptpad-dropdown-share";
+
+    // Top parts
+    var USER_CLS = Bar.constants.userAdmin = "cryptpad-user";
+    var SPINNER_CLS = Bar.constants.spinner = 'cryptpad-spinner';
+    var LIMIT_CLS = Bar.constants.lag = 'cryptpad-limit';
+    var TITLE_CLS = Bar.constants.title = "cryptpad-title";
+    var NEWPAD_CLS = Bar.constants.newpad = "cryptpad-new";
+
+    // User admin menu
+    var USERADMIN_CLS = Bar.constants.user = 'cryptpad-user-dropdown';
+    var USERNAME_CLS = Bar.constants.username = 'cryptpad-toolbar-username';
+    /*var READONLY_CLS = */Bar.constants.readonly = 'cryptpad-readonly';
+    var USERBUTTON_CLS = Bar.constants.changeUsername = "cryptpad-change-username";
+
+    // Create the toolbar element
+
+    var uid = function () {
+        return 'cryptpad-uid-' + String(Math.random()).substring(2);
+    };
+
+    var createRealtimeToolbar = function (config) {
+        if (!config.$container) { return; }
+        var $container = config.$container;
+        var $toolbar = $('<div>', {
+            'class': TOOLBAR_CLS,
+            id: uid(),
+        });
+
+        // TODO iframe
+        // var parsed = Cryptpad.parsePadUrl(window.location.href);
+        var parsed = { type:'pad' };
+        if (typeof parsed.type === "string") {
+            config.$container.parents('body').addClass('app-' + parsed.type);
+        }
+
+        var $topContainer = $('<div>', {'class': TOP_CLS});
+        $('<span>', {'class': 'filler'}).appendTo($topContainer);
+        var $userContainer = $('<span>', {
+            'class': USER_CLS
+        }).appendTo($topContainer);
+        $('<span>', {'class': LIMIT_CLS}).hide().appendTo($userContainer);
+        $('<span>', {'class': NEWPAD_CLS + ' dropdown-bar'}).hide().appendTo($userContainer);
+        $('<span>', {'class': USERADMIN_CLS + ' dropdown-bar'}).hide().appendTo($userContainer);
+
+        $toolbar.append($topContainer)
+        .append($('<div>', {'class': LEFTSIDE_CLS}))
+        .append($('<div>', {'class': RIGHTSIDE_CLS}))
+        .append($('<div>', {'class': HISTORY_CLS}));
+
+        var $rightside = $toolbar.find('.'+RIGHTSIDE_CLS);
+        if (!config.hideDrawer) {
+            var $drawerContent = $('<div>', {
+                'class': DRAWER_CLS,// + ' dropdown-bar-content cryptpad-dropdown'
+                'tabindex': 1
+            }).appendTo($rightside).hide();
+            var $drawer = Cryptpad.createButton('more', true).appendTo($rightside);
+            $drawer.click(function () {
+                $drawerContent.toggle();
+                $drawer.removeClass('active');
+                if ($drawerContent.is(':visible')) {
+                    $drawer.addClass('active');
+                    $drawerContent.focus();
+                }
+            });
+            var onBlur = function (e) {
+                if (e.relatedTarget) {
+                    if ($(e.relatedTarget).is('.drawer-button')) { return; }
+                    if ($(e.relatedTarget).parents('.'+DRAWER_CLS).length) {
+                        $(e.relatedTarget).blur(onBlur);
+                        return;
+                    }
+                }
+                $drawer.removeClass('active');
+                $drawerContent.hide();
+            };
+            $drawerContent.blur(onBlur);
+        }
+
+        // The 'notitle' class removes the line added for the title with a small screen
+        if (!config.title || typeof config.title !== "object") {
+            $toolbar.addClass('notitle');
+        }
+
+        $container.prepend($toolbar);
+
+        $container.on('drop dragover', function (e) {
+            e.preventDefault();
+            e.stopPropagation();
+        });
+        return $toolbar;
+    };
+
+    // Userlist elements
+
+    var getOtherUsers = function(config) {
+        //var userList = config.userList.getUserlist();
+        var userData = config.metadataMgr.getMetadata().users;
+
+        var i = 0; // duplicates counter
+        var list = [];
+
+        // Display only one time each user (if he is connected in multiple tabs)
+        var uids = [];
+        Object.keys(userData).forEach(function(user) {
+            //if (user !== userNetfluxId) {
+                var data = userData[user] || {};
+                var userId = data.uid;
+                if (!userId) { return; }
+                //data.netfluxId = user;
+                if (uids.indexOf(userId) === -1) {// && (!myUid || userId !== myUid)) {
+                    uids.push(userId);
+                    list.push(data);
+                } else { i++; }
+            //}
+        });
+        return {
+            list: list,
+            duplicates: i
+        };
+    };
+
+    var avatars = {};
+    var updateUserList = function (toolbar, config) {
+        // Make sure the elements are displayed
+        var $userButtons = toolbar.userlist;
+        var $userlistContent = toolbar.userlistContent;
+
+        var metadataMgr = config.metadataMgr;
+        var userData = metadataMgr.getMetadata().users;
+        var viewers = metadataMgr.getViewers();
+        var origin = config.metadataMgr.getPrivateData().origin;
+
+        // If we are using old pads (readonly unavailable), only editing users are in userList.
+        // With new pads, we also have readonly users in userList, so we have to intersect with
+        // the userData to have only the editing users. We can't use userData directly since it
+        // may contain data about users that have already left the channel.
+        //userList = config.readOnly === -1 ? userList : arrayIntersect(userList, Object.keys(userData));
+
+        // Names of editing users
+        var others = getOtherUsers(config);
+        var editUsersNames = others.list;
+        var duplicates = others.duplicates; // Number of duplicates
+
+        editUsersNames.sort(function (a, b) {
+            var na = a.name || Messages.anonymous;
+            var nb = b.name || Messages.anonymous;
+            return na.toLowerCase() > nb.toLowerCase();
+        });
+
+        var numberOfEditUsers = Object.keys(userData).length - duplicates;
+        var numberOfViewUsers = viewers;
+
+        // Update the userlist
+        var $editUsers = $userlistContent.find('.' + USERLIST_CLS).html('');
+        Cryptpad.clearTooltips();
+
+        var $editUsersList = $('<div>', {'class': 'userlist-others'});
+
+        // Editors
+        // TODO iframe enable friends
+        //var pendingFriends = Cryptpad.getPendingInvites();
+        editUsersNames.forEach(function (data) {
+            var name = data.name || Messages.anonymous;
+            var $span = $('<span>', {'class': 'avatar'});
+            var $rightCol = $('<span>', {'class': 'right-col'});
+            $('<span>', {'class': 'name'}).text(name).appendTo($rightCol);
+            //var proxy = Cryptpad.getProxy();
+            //var isMe = data.curvePublic === proxy.curvePublic;
+
+            /*if (Cryptpad.isLoggedIn() && data.curvePublic) {
+                if (isMe) {
+                    $span.attr('title', Messages._getKey('userlist_thisIsYou', [
+                        name
+                    ]));
+                    $nameSpan.text(name);
+                } else if (!proxy.friends || !proxy.friends[data.curvePublic]) {
+                    if (pendingFriends.indexOf(data.netfluxId) !== -1) {
+                        $('<span>', {'class': 'friend'}).text(Messages.userlist_pending)
+                            .appendTo($rightCol);
+                    } else {
+                        $('<span>', {
+                            'class': 'fa fa-user-plus friend',
+                            'title': Messages._getKey('userlist_addAsFriendTitle', [
+                                name
+                            ])
+                        }).appendTo($rightCol).click(function (e) {
+                            e.stopPropagation();
+                            Cryptpad.inviteFromUserlist(Cryptpad, data.netfluxId);
+                        });
+                    }
+                }
+            }*/
+            if (data.profile) {
+                $span.addClass('clickable');
+                $span.click(function () {
+                    window.open(origin+'/profile/#' + data.profile);
+                });
+            }
+            if (data.avatar && avatars[data.avatar]) {
+                $span.append(avatars[data.avatar]);
+                $span.append($rightCol);
+            } else {
+                Common.displayAvatar(Common, $span, data.avatar, name, function ($img) {
+                    if (data.avatar && $img) {
+                        avatars[data.avatar] = $img[0].outerHTML;
+                    }
+                    $span.append($rightCol);
+                });
+            }
+            $span.data('uid', data.uid);
+            $editUsersList.append($span);
+        });
+        $editUsers.append($editUsersList);
+
+        // Viewers
+        if (numberOfViewUsers > 0) {
+            var viewText = '<div class="viewer">';
+            var viewerText = numberOfViewUsers !== 1 ? Messages.viewers : Messages.viewer;
+            viewText += numberOfViewUsers + ' ' + viewerText + '</div>';
+            $editUsers.append(viewText);
+        }
+
+        // Update the buttons
+        var fa_editusers = '<span class="fa fa-users"></span>';
+        var fa_viewusers = '<span class="fa fa-eye"></span>';
+        var $spansmall = $('<span>').html(fa_editusers + ' ' + numberOfEditUsers + '&nbsp;&nbsp; ' + fa_viewusers + ' ' + numberOfViewUsers);
+        $userButtons.find('.buttonTitle').html('').append($spansmall);
+    };
+
+    var initUserList = function (toolbar, config) {
+        // TODO clean comments
+        if (config.metadataMgr) { /* && config.userList.list && config.userList.userNetfluxId) {*/
+            //var userList = config.userList.list;
+            //userList.change.push
+            var metadataMgr = config.metadataMgr;
+            metadataMgr.onChange(function () {
+                if (metadataMgr.isConnected()) {toolbar.connected = true;}
+                if (!toolbar.connected) { return; }
+                //if (config.userList.data) {
+                    updateUserList(toolbar, config);
+                //}
+            });
+        }
+    };
+
+
+    // Create sub-elements
+
+    var createUserList = function (toolbar, config) {
+        if (!config.metadataMgr) {
+            throw new Error("You must provide a `metadataMgr` to display the userlist");
+        }
+        var $content = $('<div>', {'class': 'userlist-drawer'});
+        $content.on('drop dragover', function (e) {
+            e.preventDefault();
+            e.stopPropagation();
+        });
+        var $closeIcon = $('<span>', {"class": "fa fa-window-close close"}).appendTo($content);
+        $('<h2>').text(Messages.users).appendTo($content);
+        $('<p>', {'class': USERLIST_CLS}).appendTo($content);
+
+        toolbar.userlistContent = $content;
+
+        var $container = $('<span>', {id: 'userButtons', title: Messages.userListButton});
+
+        var $button = $('<button>').appendTo($container);
+        $('<span>',{'class': 'buttonTitle'}).appendTo($button);
+
+        toolbar.$leftside.prepend($container);
+
+        if (config.$contentContainer) {
+            config.$contentContainer.prepend($content);
+        }
+
+        var $ck = config.$container.find('.cke_toolbox_main');
+        var mobile = $('body').width() <= 600;
+        var hide = function () {
+            $content.hide();
+            $button.removeClass('active');
+            $ck.css({
+                'padding-left': '',
+            });
+        };
+        var show = function () {
+            $content.show();
+            if (mobile) {
+                $ck.hide();
+            }
+            $button.addClass('active');
+            $ck.css({
+                'padding-left': '175px',
+            });
+            var h = $ck.is(':visible') ? -$ck.height() : 0;
+            $content.css('margin-top', h+'px');
+        };
+        $(window).on('cryptpad-ck-toolbar', function () {
+            if (mobile && $ck.is(':visible')) { return void hide(); }
+            if ($content.is(':visible')) { return void show(); }
+            hide();
+        });
+        $(window).on('resize', function () {
+            mobile = $('body').width() <= 600;
+            var h = $ck.is(':visible') ? -$ck.height() : 0;
+            $content.css('margin-top', h+'px');
+        });
+        $closeIcon.click(function () {
+            //Cryptpad.setAttribute('userlist-drawer', false); TODO iframe
+            hide();
+        });
+        $button.click(function () {
+            var visible = $content.is(':visible');
+            if (visible) { hide(); }
+            else { show(); }
+            visible = !visible;
+            // TODO iframe
+            //Cryptpad.setAttribute('userlist-drawer', visible);
+            Common.feedback(visible?'USERLIST_SHOW': 'USERLIST_HIDE');
+        });
+        show();
+        // TODO iframe
+        /*Cryptpad.getAttribute('userlist-drawer', function (err, val) {
+            if (val === false || mobile) { return void hide(); }
+            show();
+        });*/
+
+        return $container;
+    };
+
+    var createShare = function (toolbar, config) {
+        if (!config.metadataMgr) {
+            throw new Error("You must provide a `metadataMgr` to display the userlist");
+        }
+        var metadataMgr = config.metadataMgr;
+        var origin = config.metadataMgr.getPrivateData().origin;
+        var pathname = config.metadataMgr.getPrivateData().pathname;
+        var hashes = metadataMgr.getPrivateData().availableHashes;
+        var readOnly = metadataMgr.getPrivateData().readOnly;
+
+        var $shareIcon = $('<span>', {'class': 'fa fa-share-alt'});
+        var options = [];
+
+        if (hashes.editHash) {
+            options.push({
+                tag: 'a',
+                attributes: {title: Messages.editShareTitle, 'class': 'editShare'},
+                content: '<span class="fa fa-users"></span> ' + Messages.editShare
+            });
+            if (readOnly) {
+                // We're in view mode, display the "open editing link" button
+                options.push({
+                    tag: 'a',
+                    attributes: {
+                        title: Messages.editOpenTitle,
+                        'class': 'editOpen',
+                        href: origin + pathname + '#' + hashes.editHash,
+                        target: '_blank'
+                    },
+                    content: '<span class="fa fa-users"></span> ' + Messages.editOpen
+                });
+            }
+            options.push({tag: 'hr'});
+        }
+        if (hashes.viewHash) {
+            options.push({
+                tag: 'a',
+                attributes: {title: Messages.viewShareTitle, 'class': 'viewShare'},
+                content: '<span class="fa fa-eye"></span> ' + Messages.viewShare
+            });
+            if (!readOnly) {
+                // We're in edit mode, display the "open readonly" button
+                options.push({
+                    tag: 'a',
+                    attributes: {
+                        title: Messages.viewOpenTitle,
+                        'class': 'viewOpen',
+                        href: origin + pathname + '#' + hashes.viewHash,
+                        target: '_blank'
+                    },
+                    content: '<span class="fa fa-eye"></span> ' + Messages.viewOpen
+                });
+            }
+        }
+        var dropdownConfigShare = {
+            text: $('<div>').append($shareIcon).html(),
+            options: options,
+            feedback: 'SHARE_MENU',
+        };
+        var $shareBlock = Cryptpad.createDropdown(dropdownConfigShare);
+        $shareBlock.find('.dropdown-bar-content').addClass(SHARE_CLS).addClass(EDITSHARE_CLS).addClass(VIEWSHARE_CLS);
+        $shareBlock.addClass('shareButton');
+        $shareBlock.find('button').attr('title', Messages.shareButton);
+
+        if (hashes.editHash) {
+            $shareBlock.find('a.editShare').click(function () {
+                /*Common.storeLinkToClipboard(false, function (err) {
+                    if (!err) { Cryptpad.log(Messages.shareSuccess); }
+                });*/
+                var url = origin + pathname + '#' + hashes.editHash;
+                var success = Cryptpad.Clipboard.copy(url);
+                if (success) { Cryptpad.log(Messages.shareSuccess); }
+            });
+        }
+        if (hashes.viewHash) {
+            $shareBlock.find('a.viewShare').click(function () {
+                /*Common.storeLinkToClipboard(true, function (err) {
+                    if (!err) { Cryptpad.log(Messages.shareSuccess); }
+                });*/
+                var url = origin + pathname + '#' + hashes.viewHash;
+                var success = Cryptpad.Clipboard.copy(url);
+                if (success) { Cryptpad.log(Messages.shareSuccess); }
+            });
+        }
+
+        toolbar.$leftside.append($shareBlock);
+        toolbar.share = $shareBlock;
+
+        return "Loading share button";
+    };
+
+    var createFileShare = function (toolbar) {
+        if (!window.location.hash) {
+            throw new Error("Unable to display the share button: hash required in the URL");
+        }
+        var $shareIcon = $('<span>', {'class': 'fa fa-share-alt'});
+        var $button = $('<button>', {'title': Messages.shareButton}).append($shareIcon);
+        $button.addClass('shareButton');
+        $button.click(function () {
+            var url = window.location.href;
+            var success = Cryptpad.Clipboard.copy(url);
+            if (success) { Cryptpad.log(Messages.shareSuccess); }
+        });
+
+        toolbar.$leftside.append($button);
+        return $button;
+    };
+
+    var createTitle = function (toolbar, config) {
+        var $titleContainer = $('<span>', {
+            id: 'toolbarTitle',
+            'class': TITLE_CLS
+        }).appendTo(toolbar.$top);
+
+        var $hoverable = $('<span>', {'class': 'hoverable'}).appendTo($titleContainer);
+
+        if (typeof config.title !== "object") {
+            console.error("config.title", config);
+            throw new Error("config.title is not an object");
+        }
+        var updateTitle = config.title.updateTitle;
+        var placeholder = config.title.defaultName;
+        var suggestName = config.title.suggestName;
+
+        // Buttons
+        var $text = $('<span>', {
+            'class': 'title'
+        }).appendTo($hoverable);
+        var $pencilIcon = $('<span>', {
+            'class': 'pencilIcon',
+            'title': Messages.clickToEdit
+        });
+        var $saveIcon = $('<span>', {
+            'class': 'saveIcon',
+            'title': Messages.saveTitle
+        }).hide();
+        if (config.readOnly === 1) {
+            $titleContainer.append($('<span>', {'class': 'readOnly'})
+                .text('('+Messages.readonly+')'));
+        }
+        if (config.readOnly === 1 || typeof(Cryptpad) === "undefined") { return $titleContainer; }
+        var $input = $('<input>', {
+            type: 'text',
+            placeholder: placeholder
+        }).appendTo($hoverable).hide();
+        if (config.readOnly !== 1) {
+            $text.attr("title", Messages.clickToEdit);
+            $text.addClass("editable");
+            var $icon = $('<span>', {
+                'class': 'fa fa-pencil readonly',
+                style: 'font-family: FontAwesome;'
+            });
+            $pencilIcon.append($icon).appendTo($hoverable);
+            var $icon2 = $('<span>', {
+                'class': 'fa fa-check readonly',
+                style: 'font-family: FontAwesome;'
+            });
+            $saveIcon.append($icon2).appendTo($hoverable);
+        }
+
+        // Events
+        $input.on('mousedown', function (e) {
+            if (!$input.is(":focus")) {
+                $input.focus();
+            }
+            e.stopPropagation();
+            return true;
+        });
+        var save = function () {
+            var name = $input.val().trim();
+            if (name === "") {
+                name = $input.attr('placeholder');
+            }
+            updateTitle(name, function (err/*, newtitle*/) {
+                if (err) { return console.error(err); }
+                //$text.text(newtitle);
+                $input.hide();
+                $text.show();
+                $pencilIcon.show();
+                $saveIcon.hide();
+            });
+        };
+        $input.on('keyup', function (e) {
+            if (e.which === 13 && toolbar.connected === true) {
+                save();
+            } else if (e.which === 27) {
+                $input.hide();
+                $text.show();
+                $pencilIcon.show();
+                $saveIcon.hide();
+                //$pencilIcon.css('display', '');
+            } else if (e.which === 32) {
+                e.stopPropagation();
+            }
+        });
+        $saveIcon.click(save);
+
+        var displayInput = function () {
+            if (toolbar.connected === false) { return; }
+            $input.width(Math.max($text.width(), 300)+'px');
+            $text.hide();
+            //$pencilIcon.css('display', 'none');
+            var inputVal = suggestName() || "";
+            $input.val(inputVal);
+            $input.show();
+            $input.focus();
+            $pencilIcon.hide();
+            $saveIcon.show();
+        };
+        $text.on('click', displayInput);
+        $pencilIcon.on('click', displayInput);
+        return $titleContainer;
+    };
+
+    var createPageTitle = function (toolbar, config) {
+        if (config.title || !config.pageTitle) { return; }
+        var $titleContainer = $('<span>', {
+            id: 'toolbarTitle',
+            'class': TITLE_CLS
+        }).appendTo(toolbar.$top);
+
+        toolbar.$top.find('.filler').hide();
+
+        var $hoverable = $('<span>', {'class': 'hoverable'}).appendTo($titleContainer);
+
+        // Buttons
+        $('<span>', {
+            'class': 'title pageTitle'
+        }).appendTo($hoverable).text(config.pageTitle);
+    };
+
+    var createLinkToMain = function (toolbar) {
+        var $linkContainer = $('<span>', {
+            'class': "cryptpad-link"
+        }).appendTo(toolbar.$top);
+
+        // We need to override the "a" tag action here because it is inside the iframe!
+        var inDrive = /^\/drive/;
+
+        var href = inDrive ? '/index.html' : '/drive/';
+        var buttonTitle = inDrive ? Messages.header_homeTitle : Messages.header_logoTitle;
+
+        var $aTag = $('<a>', {
+            href: href,
+            title: buttonTitle,
+            'class': "cryptpad-logo"
+        }).append($('<img>', {
+            src: '/customize/images/logo_white.png?' + ApiConfig.requireConf.urlArgs
+        }));
+        var onClick = function (e) {
+            e.preventDefault();
+            if (e.ctrlKey) {
+                window.open(href);
+                return;
+            }
+            window.location = href;
+        };
+
+        var onContext = function (e) { e.stopPropagation(); };
+
+        $aTag.click(onClick).contextmenu(onContext);
+
+        $linkContainer.append($aTag);
+
+        return $linkContainer;
+    };
+
+    var typing = -1;
+    var kickSpinner = function (toolbar, config, local) {
+        if (!toolbar.spinner) { return; }
+        var $spin = toolbar.spinner;
+
+        if (typing === -1) {
+            typing = 1;
+            $spin.text(Messages.typing);
+            $spin.interval = window.setInterval(function () {
+                var dots = Array(typing+1).join('.');
+                $spin.text(Messages.typing + dots);
+                typing++;
+                if (typing > 3) { typing = 0; }
+            }, 500);
+        }
+        var onSynced = function () {
+            if ($spin.timeout) { clearTimeout($spin.timeout); }
+            $spin.timeout = setTimeout(function () {
+                window.clearInterval($spin.interval);
+                typing = -1;
+                $spin.text(Messages.saved);
+            }, local ? 0 : SPINNER_DISAPPEAR_TIME);
+        };
+        if (Cryptpad) {
+            Cryptpad.whenRealtimeSyncs(config.realtime, onSynced);
+            return;
+        }
+        onSynced();
+    };
+    var ks = function (toolbar, config, local) {
+        return function () {
+            if (toolbar.connected) { kickSpinner(toolbar, config, local); }
+        };
+    };
+    var createSpinner = function (toolbar, config) {
+        var $spin = $('<span>', {'class': SPINNER_CLS}).appendTo(toolbar.$leftside);
+        $spin.text(Messages.synchronizing);
+
+        if (config.realtime) {
+            config.realtime.onPatch(ks(toolbar, config));
+            config.realtime.onMessage(ks(toolbar, config, true));
+        }
+        // without this, users in read-only mode say 'synchronizing' until they
+        // receive a patch.
+        if (Cryptpad) {
+            typing = 0;
+            Cryptpad.whenRealtimeSyncs(config.realtime, function () {
+                kickSpinner(toolbar, config);
+            });
+        }
+        return $spin;
+    };
+
+    var createLimit = function (toolbar) {
+        if (!Config.enablePinning) { return; }
+        var $limitIcon = $('<span>', {'class': 'fa fa-exclamation-triangle'});
+        var $limit = toolbar.$userAdmin.find('.'+LIMIT_CLS).attr({
+            'title': Messages.pinLimitReached
+        }).append($limitIcon).hide();
+        var todo = function (e, overLimit) {
+            if (e) { return void console.error("Unable to get the pinned usage"); }
+            if (overLimit) {
+                var key = 'pinLimitReachedAlert';
+                if (ApiConfig.noSubscriptionButton === true) {
+                    key = 'pinLimitReachedAlertNoAccounts';
+                }
+                $limit.show().click(function () {
+                    Cryptpad.alert(Messages._getKey(key, [encodeURIComponent(window.location.hostname)]), null, true);
+                });
+            }
+        };
+        Common.isOverPinLimit(todo);
+
+        return $limit;
+    };
+
+    var createNewPad = function (toolbar, config) {
+        var $newPad = toolbar.$top.find('.'+NEWPAD_CLS).show();
+
+        var origin = config.metadataMgr.getPrivateData().origin;
+
+        var pads_options = [];
+        Config.availablePadTypes.forEach(function (p) {
+            if (p === 'drive') { return; }
+            if (!Cryptpad.isLoggedIn() && Config.registeredOnlyTypes &&
+                Config.registeredOnlyTypes.indexOf(p) !== -1) { return; }
+            pads_options.push({
+                tag: 'a',
+                attributes: {
+                    'target': '_blank',
+                    'href': origin + '/' + p + '/',
+                },
+                content: $('<div>').append(Cryptpad.getIcon(p)).html() + Messages.type[p]
+            });
+        });
+        var dropdownConfig = {
+            text: '', // Button initial text
+            options: pads_options, // Entries displayed in the menu
+            container: $newPad,
+            left: true,
+            feedback: /drive/.test(window.location.pathname)?
+                'DRIVE_NEWPAD': 'NEWPAD',
+        };
+        var $newPadBlock = Cryptpad.createDropdown(dropdownConfig);
+        $newPadBlock.find('button').attr('title', Messages.newButtonTitle);
+        $newPadBlock.find('button').addClass('fa fa-th');
+        return $newPadBlock;
+    };
+
+    var createUserAdmin = function (toolbar, config) {
+        if (!config.metadataMgr) {
+            throw new Error("You must provide a `metadataMgr` to display the user menu");
+        }
+        var metadataMgr = config.metadataMgr;
+        var $userAdmin = toolbar.$userAdmin.find('.'+USERADMIN_CLS).show();
+        var userMenuCfg = {
+            $initBlock: $userAdmin,
+            metadataMgr: metadataMgr,
+            Common: Common
+        };
+        if (!config.hideDisplayName) {
+            $.extend(true, userMenuCfg, {
+                displayNameCls: USERNAME_CLS,
+                changeNameButtonCls: USERBUTTON_CLS,
+            });
+        }
+        if (config.readOnly !== 1) {
+            userMenuCfg.displayName = 1;
+            userMenuCfg.displayChangeName = 1;
+        }
+        Common.createUserAdminMenu(userMenuCfg);
+        $userAdmin.find('button').attr('title', Messages.userAccountButton);
+
+        var $userButton = toolbar.$userNameButton = $userAdmin.find('a.' + USERBUTTON_CLS);
+        $userButton.click(function (e) {
+            e.preventDefault();
+            e.stopPropagation();
+            var myData = metadataMgr.getMetadata().users[metadataMgr.getNetfluxId()];
+            var lastName = myData.name;
+            Cryptpad.prompt(Messages.changeNamePrompt, lastName || '', function (newName) {
+                if (newName === null && typeof(lastName) === "string") { return; }
+                if (newName === null) { newName = ''; }
+                else { Common.feedback('NAME_CHANGED'); }
+                Common.setDisplayName(newName, function (err) {
+                    if (err) {
+                        console.log("Couldn't set username");
+                        console.error(err);
+                        return;
+                    }
+                    //Cryptpad.changeDisplayName(newName, true); Already done?
+                });
+            });
+        });
+
+        return $userAdmin;
+    };
+
+    // Events
+    var initClickEvents = function (toolbar, config) {
+        var removeDropdowns =  function () {
+            window.setTimeout(function () {
+                toolbar.$toolbar.find('.cryptpad-dropdown').hide();
+            });
+        };
+        var cancelEditTitle = function (e) {
+            // Now we want to apply the title even if we click somewhere else
+            if ($(e.target).parents('.' + TITLE_CLS).length || !toolbar.title) {
+                return;
+            }
+            var $title = toolbar.title;
+            if (!$title.find('input').is(':visible')) { return; }
+
+            // Press enter
+            var ev = $.Event("keyup");
+            ev.which = 13;
+            $title.find('input').trigger(ev);
+        };
+        // Click in the main window
+        var w = config.ifrw || window;
+        $(w).on('click', removeDropdowns);
+        $(w).on('click', cancelEditTitle);
+        // Click in iframes
+        try {
+            if (w.$ && w.$('iframe').length) {
+                config.ifrw.$('iframe').each(function (i, el) {
+                    $(el.contentWindow).on('click', removeDropdowns);
+                    $(el.contentWindow).on('click', cancelEditTitle);
+                });
+            }
+        } catch (e) {
+            // empty try catch in case this iframe is problematic
+        }
+    };
+
+    // Notifications
+    var initNotifications = function (toolbar, config) {
+        // Display notifications when users are joining/leaving the session
+        var oldUserData;
+        if (!config.metadataMgr) { return; }
+        var metadataMgr = config.metadataMgr;
+        var userNetfluxId = metadataMgr.getNetfluxId();
+        if (typeof Cryptpad !== "undefined") {
+            var notify = function(type, name, oldname) {
+                // type : 1 (+1 user), 0 (rename existing user), -1 (-1 user)
+                if (typeof name === "undefined") { return; }
+                name = name || Messages.anonymous;
+                switch(type) {
+                    case 1:
+                        Cryptpad.log(Messages._getKey("notifyJoined", [name]));
+                        break;
+                    case 0:
+                        oldname = (!oldname) ? Messages.anonymous : oldname;
+                        Cryptpad.log(Messages._getKey("notifyRenamed", [oldname, name]));
+                        break;
+                    case -1:
+                        Cryptpad.log(Messages._getKey("notifyLeft", [name]));
+                        break;
+                    default:
+                        console.log("Invalid type of notification");
+                        break;
+                }
+            };
+
+            var userPresent = function (id, user, data) {
+                if (!(user && user.uid)) {
+                    console.log('no uid');
+                    return 0;
+                }
+                if (!data) {
+                    console.log('no data');
+                    return 0;
+                }
+
+                var count = 0;
+                Object.keys(data).forEach(function (k) {
+                    if (data[k] && data[k].uid === user.uid) { count++; }
+                });
+                return count;
+            };
+
+            metadataMgr.onChange(function () {
+                var newdata = metadataMgr.getMetadata().users;
+                var netfluxIds = Object.keys(newdata);
+                // Notify for disconnected users
+                if (typeof oldUserData !== "undefined") {
+                    for (var u in oldUserData) {
+                        // if a user's uid is still present after having left, don't notify
+                        if (netfluxIds.indexOf(u) === -1) {
+                            var temp = JSON.parse(JSON.stringify(oldUserData[u]));
+                            delete oldUserData[u];
+                            if (temp && newdata[userNetfluxId] && temp.uid === newdata[userNetfluxId].uid) { return; }
+                            if (userPresent(u, temp, newdata || oldUserData) < 1) {
+                                notify(-1, temp.name);
+                            }
+                        }
+                    }
+                }
+                // Update the "oldUserData" object and notify for new users and names changed
+                if (typeof newdata === "undefined") { return; }
+                if (typeof oldUserData === "undefined") {
+                    oldUserData = JSON.parse(JSON.stringify(newdata));
+                    return;
+                }
+                if (config.readOnly === 0 && !oldUserData[userNetfluxId]) {
+                    oldUserData = JSON.parse(JSON.stringify(newdata));
+                    return;
+                }
+                for (var k in newdata) {
+                    if (k !== userNetfluxId && netfluxIds.indexOf(k) !== -1) {
+                        if (typeof oldUserData[k] === "undefined") {
+                            // if the same uid is already present in the userdata, don't notify
+                            if (!userPresent(k, newdata[k], oldUserData)) {
+                                notify(1, newdata[k].name);
+                            }
+                        } else if (oldUserData[k].name !== newdata[k].name) {
+                            notify(0, newdata[k].name, oldUserData[k].name);
+                        }
+                    }
+                }
+                oldUserData = JSON.parse(JSON.stringify(newdata));
+            });
+        }
+    };
+
+
+
+    // Main
+
+    Bar.create = function (cfg) {
+        var config = cfg || {};
+        Cryptpad = config.common;
+        Common = config.sfCommon;
+        Messages = Cryptpad.Messages;
+        config.readOnly = (typeof config.readOnly !== "undefined") ? (config.readOnly ? 1 : 0) : -1;
+        config.displayed = config.displayed || [];
+
+        var toolbar = {};
+
+        toolbar.connected = false;
+        toolbar.firstConnection = true;
+
+        var $toolbar = toolbar.$toolbar = createRealtimeToolbar(config);
+        toolbar.$leftside = $toolbar.find('.'+Bar.constants.leftside);
+        toolbar.$rightside = $toolbar.find('.'+Bar.constants.rightside);
+        toolbar.$drawer = $toolbar.find('.'+Bar.constants.drawer);
+        toolbar.$top = $toolbar.find('.'+Bar.constants.top);
+        toolbar.$history = $toolbar.find('.'+Bar.constants.history);
+
+        toolbar.$userAdmin = $toolbar.find('.'+Bar.constants.userAdmin);
+
+        // Create the subelements
+        var tb = {};
+        tb['userlist'] = createUserList;
+        tb['share'] = createShare;
+        tb['fileshare'] = createFileShare;//TODO
+        tb['title'] = createTitle;
+        tb['pageTitle'] = createPageTitle;//TODO
+        tb['lag'] = $.noop;
+        tb['spinner'] = createSpinner;
+        tb['state'] = $.noop;
+        tb['limit'] = createLimit; // TODO
+        tb['upgrade'] = $.noop;
+        tb['newpad'] = createNewPad;
+        tb['useradmin'] = createUserAdmin;
+
+        var addElement = toolbar.addElement = function (arr, additionnalCfg, init) {
+            if (typeof additionnalCfg === "object") { $.extend(true, config, additionnalCfg); }
+            arr.forEach(function (el) {
+                if (typeof el !== "string" || !el.trim()) { return; }
+                if (typeof tb[el] === "function") {
+                    if (!init && config.displayed.indexOf(el) !== -1) { return; } // Already done
+                    toolbar[el] = tb[el](toolbar, config);
+                    if (!init) { config.displayed.push(el); }
+                }
+            });
+        };
+
+        addElement(config.displayed, {}, true);
+        initUserList(toolbar, config);
+
+        toolbar['linkToMain'] = createLinkToMain(toolbar, config);
+
+        if (!config.realtime) { toolbar.connected = true; }
+
+        initClickEvents(toolbar, config);
+        initNotifications(toolbar, config);
+
+        var failed = toolbar.failed = function () {
+            toolbar.connected = false;
+
+            if (toolbar.spinner) {
+                toolbar.spinner.text(Messages.disconnected);
+            }
+            //checkLag(toolbar, config);
+        };
+        toolbar.reconnecting = function (/*userId*/) {
+            //if (config.metadataMgr) { config.userList.userNetfluxId = userId; } TODO
+            toolbar.connected = false;
+            if (toolbar.spinner) {
+                toolbar.spinner.text(Messages.reconnecting);
+            }
+            //checkLag(toolbar, config);
+        };
+
+        // On log out, remove permanently the realtime elements of the toolbar
+        Cryptpad.onLogout(function () {
+            failed();
+            if (toolbar.useradmin) { toolbar.useradmin.hide(); }
+            if (toolbar.userlist) { toolbar.userlist.hide(); }
+        });
+
+        return toolbar;
+    };
+
+    return Bar;
+});
diff --git a/www/common/userObject.js b/www/common/userObject.js
index 6b4a31bbe..431e9c9dc 100644
--- a/www/common/userObject.js
+++ b/www/common/userObject.js
@@ -413,6 +413,15 @@ define([
             });
             return ret;
         };
+        exp.getRecentPads = function () {
+            var allFiles = files[FILES_DATA];
+            var sorted = Object.keys(allFiles)
+                .sort(function (a,b) {
+                    return allFiles[a].atime < allFiles[b].atime;
+                })
+                .map(function (str) { return Number(str); });
+            return sorted;
+        };
 
         /**
          * OPERATIONS
diff --git a/www/contacts/index.html b/www/contacts/index.html
index a76879a6d..a72a3c60b 100644
--- a/www/contacts/index.html
+++ b/www/contacts/index.html
@@ -4,7 +4,7 @@
     <title>CryptPad</title>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
     <style>
         html, body {
             margin: 0px;
diff --git a/www/contacts/inner.html b/www/contacts/inner.html
index ebfb164c8..5bbe09483 100644
--- a/www/contacts/inner.html
+++ b/www/contacts/inner.html
@@ -3,7 +3,7 @@
 <head>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
-    <script async data-bootload="/contacts/inner.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/contacts/inner.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
     <style>.loading-hidden, .loading-hidden * {display: none !important;}</style>
 </head>
 <body class="loading-hidden">
diff --git a/www/drive/file.less b/www/drive/file.less
index ccf92651f..41896d755 100644
--- a/www/drive/file.less
+++ b/www/drive/file.less
@@ -190,7 +190,8 @@ span {
     }
     .docTree {
         margin-top: 20px;
-        padding: 0 0 0 20px;
+        //padding: 0 0 0 20px;
+        padding: 0;
         cursor: auto;
         &li, li {
             padding: 0;
@@ -304,6 +305,24 @@ span {
             top: -1px;
         }
     }
+    .docTree {
+        .root > .element-row > .expcol {
+            position: relative;
+            top:0;
+            left: -10px;
+        }
+        .root > .element-row > .folder {
+            margin-left: -5px;
+        }
+        .root {
+            &> .element-row {
+                padding-left: 20px;
+            }
+            &> ul {
+                padding-left: 30px;
+            }
+        }
+    }
 
     // Expand/collapse lines
     .docTree ul {
@@ -478,9 +497,26 @@ span {
         .listElement {
             display: none;
         }
+        .addpad {
+            cursor: pointer;
+            opacity: 0.5;
+            padding: 0;
+            &:hover {
+                opacity: 0.7;
+            }
+            .fa {
+                cursor: pointer;
+                font-size: 100px;
+                line-height: 140px;
+                margin: 0;
+            }
+        }
     }
 
     .list {
+        .grid-element {
+            display: none;
+        }
         // Make it act as a table!
         padding-left: 20px;
         ul {
diff --git a/www/drive/index.html b/www/drive/index.html
index f959cfac6..02f92a5b3 100644
--- a/www/drive/index.html
+++ b/www/drive/index.html
@@ -4,7 +4,7 @@
     <title>CryptDrive</title>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
     <style>
         html, body {
             margin: 0px;
diff --git a/www/drive/inner.html b/www/drive/inner.html
index 717dbe89a..0b26aa7a1 100644
--- a/www/drive/inner.html
+++ b/www/drive/inner.html
@@ -3,7 +3,7 @@
 <head>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
-    <script async data-bootload="/drive/inner.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/drive/inner.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
 </head>
 <body style="display: none;">
     <div id="toolbar" class="toolbar-container"></div>
diff --git a/www/drive/main.js b/www/drive/main.js
index 468be48b8..97d67a03d 100644
--- a/www/drive/main.js
+++ b/www/drive/main.js
@@ -51,6 +51,8 @@ define([
     var TEMPLATE_NAME = Messages.fm_templateName;
     var TRASH = "trash";
     var TRASH_NAME = Messages.fm_trashName;
+    var RECENT = "recent";
+    var RECENT_NAME = "Recent pads";
 
     var LOCALSTORAGE_LAST = "cryptpad-file-lastOpened";
     var LOCALSTORAGE_OPENED = "cryptpad-file-openedFolders";
@@ -172,6 +174,7 @@ define([
     var $closeIcon = $('<span>', {"class": "fa fa-window-close"});
     var $backupIcon = $('<span>', {"class": "fa fa-life-ring"});
     var $searchIcon = $('<span>', {"class": "fa fa-search searchIcon"});
+    var $addIcon = $('<span>', {"class": "fa fa-plus"});
 
     var history = {
         isHistoryMode: false,
@@ -233,9 +236,10 @@ define([
 
         // Categories dislayed in the menu
         // _WORKGROUP_ : do not display unsorted
-        var displayedCategories = [ROOT, TRASH, SEARCH];
+        var displayedCategories = [ROOT, TRASH, SEARCH, RECENT];
         if (AppConfig.enableTemplates) { displayedCategories.push(TEMPLATE); }
         if (isWorkgroup()) { displayedCategories = [ROOT, TRASH, SEARCH]; }
+        var virtualCategories = [SEARCH, RECENT];
 
         if (!APP.loggedIn) {
             displayedCategories = [FILES_DATA];
@@ -1157,6 +1161,7 @@ define([
             if (!href) { return $icon; }
 
             if (href.indexOf('/pad/') !== -1) { $icon = Cryptpad.getIcon('pad'); }
+            else if (href.indexOf('/pad2/') !== -1) { $icon = Cryptpad.getIcon('pad'); } // SFRAME
             else if (href.indexOf('/code/') !== -1) { $icon = Cryptpad.getIcon('code'); }
             else if (href.indexOf('/slide/') !== -1) { $icon = Cryptpad.getIcon('slide'); }
             else if (href.indexOf('/poll/') !== -1) { $icon = Cryptpad.getIcon('poll'); }
@@ -1258,6 +1263,7 @@ define([
                 case TEMPLATE: pName = TEMPLATE_NAME; break;
                 case FILES_DATA: pName = FILES_DATA_NAME; break;
                 case SEARCH: pName = SEARCH_NAME; break;
+                case RECENT: pName = RECENT_NAME; break;
                 default: pName = name;
             }
             return pName;
@@ -1317,6 +1323,9 @@ define([
                 case FILES_DATA:
                     msg = Messages.fm_info_allFiles;
                     break;
+                case RECENT:
+                    msg = Messages.fm_info_recent || 'TODO';
+                    break;
                 default:
                     msg = undefined;
             }
@@ -1804,6 +1813,50 @@ define([
             });
         };
 
+        var displayRecent = function ($list) {
+            var filesList = filesOp.getRecentPads();
+            var limit = 20;
+            var i = 0;
+            filesList.forEach(function (id) {
+                if (i >= limit) { return; }
+                // Check path (pad exists and not in trash)
+                var paths = filesOp.findFile(id);
+                if (!paths.length) { return; }
+                var path = paths[0];
+                if (filesOp.isPathIn(path, [TRASH])) { return; }
+                // Display the pad
+                var file = filesOp.getFileData(id);
+                if (!file) {
+                    //debug("Unsorted or template returns an element not present in filesData: ", href);
+                    file = { title: Messages.fm_noname };
+                    //return;
+                }
+                var $icon = getFileIcon(id);
+                var ro = filesOp.isReadOnlyFile(id);
+                // ro undefined mens it's an old hash which doesn't support read-only
+                var roClass = typeof(ro) === 'undefined' ? ' noreadonly' : ro ? ' readonly' : '';
+                var $element = $('<li>', {
+                    'class': 'file-element element element-row' + roClass,
+                });
+                addFileData(id, $element);
+                $element.prepend($icon).dblclick(function () {
+                    openFile(id);
+                });
+                $element.data('path', path);
+                $element.click(function(e) {
+                    e.stopPropagation();
+                    onElementClick(e, $element, path);
+                });
+                $element.contextmenu(openDefaultContextMenu);
+                $element.data('context', $defaultContextMenu);
+                /*if (draggable) {
+                    addDragAndDropHandlers($element, path, false, false);
+                }*/
+                $list.append($element);
+                i++;
+            });
+        };
+
         // Display the selected directory into the content part (rightside)
         // NOTE: Elements in the trash are not using the same storage structure as the others
         // _WORKGROUP_ : do not change the lastOpenedFolder value in localStorage
@@ -1832,9 +1885,11 @@ define([
             var isTemplate = filesOp.comparePath(path, [TEMPLATE]);
             var isAllFiles = filesOp.comparePath(path, [FILES_DATA]);
             var isSearch = path[0] === SEARCH;
+            var isRecent = path[0] === RECENT;
+            var isVirtual = virtualCategories.indexOf(path[0]) !== -1;
 
-            var root = isSearch ? undefined : filesOp.find(path);
-            if (!isSearch && typeof(root) === "undefined") {
+            var root = isVirtual ? undefined : filesOp.find(path);
+            if (!isVirtual && typeof(root) === "undefined") {
                 log(Messages.fm_unknownFolderError);
                 debug("Unable to locate the selected directory: ", path);
                 var parentPath = path.slice();
@@ -1920,6 +1975,8 @@ define([
                 displayTrashRoot($list, $folderHeader, $fileHeader);
             } else if (isSearch) {
                 displaySearch($list, path[1]);
+            } else if (isRecent) {
+                displayRecent($list);
             } else {
                 $dirContent.contextmenu(openContentContextMenu);
                 if (filesOp.hasSubfolder(root)) { $list.append($folderHeader); }
@@ -1939,6 +1996,21 @@ define([
                     var $element = createElement(path, key, root, false);
                     $element.appendTo($list);
                 });
+
+                var $element = $('<li>', {
+                    'class': 'element-row grid-element addpad'
+                }).prepend($addIcon.clone()).appendTo($list);
+                $element.attr('title', "TODO: Add a pad");
+                $element.click(function () {
+                    window.setTimeout(function () {
+                        $driveToolbar.find('.leftside .dropdown-bar-content').show();
+                    });
+                    /*var $content = $driveToolbar.find('.leftside .dropdown-bar-content').html();
+                    var $container = $('<div>').append($('<div>', {id:'cryptpad-add-pad'}));
+                    Cryptpad.alert($container.html(),null,true);
+                    var $c = $('body > .alertify').last().find('#cryptpad-add-pad');
+                    $c.append($content);*/
+                });
             }
             //$content.append($toolbar).append($title).append($info).append($dirContent);
             $content.append($info).append($dirContent);
@@ -2036,7 +2108,10 @@ define([
                 var $rootIcon = filesOp.isFolderEmpty(files[ROOT]) ?
                     (isRootOpened ? $folderOpenedEmptyIcon : $folderEmptyIcon) :
                     (isRootOpened ? $folderOpenedIcon : $folderIcon);
-                var $rootElement = createTreeElement(ROOT_NAME, $rootIcon.clone(), [ROOT], false, true, false, isRootOpened);
+                var $rootElement = createTreeElement(ROOT_NAME, $rootIcon.clone(), [ROOT], false, true, true, isRootOpened);
+                if (!filesOp.hasSubfolder(root)) {
+                    $rootElement.find('.expcol').css('visibility', 'hidden');
+                }
                 $rootElement.addClass('root');
                 $rootElement.find('>.element-row').contextmenu(openDirectoryContextMenu);
                 $('<ul>', {'class': 'docTree'}).append($rootElement).appendTo($container);
@@ -2092,6 +2167,15 @@ define([
             $container.append($trashList);
         };
 
+        var createRecent = function ($container, path) {
+            var $icon = $templateIcon.clone(); //TODO
+            var isOpened = filesOp.comparePath(path, currentPath);
+            var $element = createTreeElement(RECENT_NAME, $icon, [RECENT], false, false, false, isOpened);
+            $element.addClass('root');
+            var $list = $('<ul>', { id: 'recentTree', 'class': 'category' }).append($element);
+            $container.append($list);
+        };
+
         var search = APP.Search = {};
         var createSearch = function ($container) {
             var isInSearch = currentPath[0] === SEARCH;
@@ -2144,6 +2228,7 @@ define([
             $tree.html('');
             if (displayedCategories.indexOf(SEARCH) !== -1) { createSearch($tree); }
             var $div = $('<div>', {'class': 'categories-container'}).appendTo($tree);
+            if (displayedCategories.indexOf(RECENT) !== -1) { createRecent($div, [RECENT]); }
             if (displayedCategories.indexOf(ROOT) !== -1) { createTree($div, [ROOT]); }
             if (displayedCategories.indexOf(TEMPLATE) !== -1) { createTemplate($div, [TEMPLATE]); }
             if (displayedCategories.indexOf(FILES_DATA) !== -1) { createAllFiles($div, [FILES_DATA]); }
diff --git a/www/file/index.html b/www/file/index.html
index a76879a6d..a72a3c60b 100644
--- a/www/file/index.html
+++ b/www/file/index.html
@@ -4,7 +4,7 @@
     <title>CryptPad</title>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
     <style>
         html, body {
             margin: 0px;
diff --git a/www/file/inner.html b/www/file/inner.html
index d6ff8b575..0bdfd1c41 100644
--- a/www/file/inner.html
+++ b/www/file/inner.html
@@ -3,7 +3,7 @@
 <head>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
-    <script async data-bootload="/file/inner.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/file/inner.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
     <style>.loading-hidden, .loading-hidden * {display: none !important;}</style>
 </head>
 <body class="loading-hidden">
diff --git a/www/invite/index.html b/www/invite/index.html
index 6ee841719..5200564ce 100644
--- a/www/invite/index.html
+++ b/www/invite/index.html
@@ -6,7 +6,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
 
     <link rel="stylesheet" href="/bower_components/codemirror/lib/codemirror.css">
     <link rel="stylesheet" href="/bower_components/codemirror/addon/dialog/dialog.css">
diff --git a/www/login/index.html b/www/login/index.html
index 03032969b..31d4c99f8 100644
--- a/www/login/index.html
+++ b/www/login/index.html
@@ -6,7 +6,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
 </head>
 <body class="html">
     <noscript>
diff --git a/www/pad/index.html b/www/pad/index.html
index 381134365..2d67081e7 100644
--- a/www/pad/index.html
+++ b/www/pad/index.html
@@ -5,7 +5,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <meta name="referrer" content="no-referrer" />
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
     <style>
         html, body {
             margin: 0px;
diff --git a/www/pad/inner.html b/www/pad/inner.html
index afbc9e314..aa0b442f9 100644
--- a/www/pad/inner.html
+++ b/www/pad/inner.html
@@ -5,7 +5,7 @@
     <link rel="stylesheet" href="/bower_components/components-font-awesome/css/font-awesome.min.css">
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
     <link rel="stylesheet" href="/bower_components/bootstrap/dist/css/bootstrap.min.css">
-    <script async data-bootload="/pad/inner.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/pad/inner.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
     <script src="/bower_components/ckeditor/ckeditor.js"></script>
     <script src="/pad/wysiwygarea-plugin.js"></script>
     <style>
diff --git a/www/pad2/ckeditor-inner.html b/www/pad2/ckeditor-inner.html
new file mode 100644
index 000000000..511bd5f40
--- /dev/null
+++ b/www/pad2/ckeditor-inner.html
@@ -0,0 +1,3 @@
+<!DOCTYPE html>
+<html dir="ltr" lang="en"><head><title>Rich Text Editor, editor1</title><style data-cke-temp="1">html{cursor:text;*cursor:auto}
+img,input,textarea{cursor:default}</style><link type="text/css" rel="stylesheet" href="/customize/ckeditor-contents.css"><link type="text/css" rel="stylesheet" href="/bower_components/ckeditor/plugins/tableselection/styles/tableselection.css"></head><body><p><br></p></body></html>
diff --git a/www/pad2/index.html b/www/pad2/index.html
new file mode 100644
index 000000000..dc2fd0d44
--- /dev/null
+++ b/www/pad2/index.html
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>CryptPad</title>
+    <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="referrer" content="no-referrer" />
+    <script async data-bootload="/pad2/outer.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
+    <style>
+        html, body {
+            margin: 0px;
+            padding: 0px;
+        }
+        #sbox-iframe {
+            position:fixed;
+            top:0px;
+            left:0px;
+            bottom:0px;
+            right:0px;
+            width:100%;
+            height:100%;
+            border:none;
+            margin:0;
+            padding:0;
+            overflow:hidden;
+        }
+    </style>
+</head>
+<body>
+<iframe id="sbox-iframe">
\ No newline at end of file
diff --git a/www/pad2/inner.html b/www/pad2/inner.html
new file mode 100644
index 000000000..0ebef67b2
--- /dev/null
+++ b/www/pad2/inner.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html class="cp pad">
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
+    <script async data-bootload="/pad2/main.js" data-main="/common/sframe-boot.js?ver=1.1" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
+    <style>
+    html, body {
+        margin: 0px;
+    }
+    #cke_1_top {
+        overflow: visible;
+        padding: 0px;
+        display: flex;
+    }
+    #cke_1_toolbox {
+        display: inline-block;
+        width: 100%;
+        background-color: #c1e7ff;
+    }
+    #cke_1_toolbox .cke_toolbar {
+        height: 28px;
+        padding: 2px 0;
+    }
+    #cke_1_top .cryptpad-toolbar {
+        padding: 0;
+        display: block;
+    }
+    .cke_wysiwyg_frame {
+        min-width: 60%;
+    }
+    </style>
+</head>
+<body class="app-pad">
+    <textarea style="display:none" id="editor1" name="editor1"></textarea>
+</body>
+</html>
+
diff --git a/www/pad2/links.js b/www/pad2/links.js
new file mode 100644
index 000000000..6a53a4bc7
--- /dev/null
+++ b/www/pad2/links.js
@@ -0,0 +1,60 @@
+define(['/common/cryptpad-common.js'], function (Cryptpad) {
+    // Adds a context menu entry to open the selected link in a new tab.
+    // See https://github.com/xwiki-contrib/application-ckeditor/commit/755d193497bf23ed874d874b4ae92fbee887fc10
+    var Messages = Cryptpad.Messages;
+    return {
+        addSupportForOpeningLinksInNewTab : function (Ckeditor) {
+                // Returns the DOM element of the active (currently focused) link. It has also support for linked image widgets.
+            // @return {CKEDITOR.dom.element}
+            var getActiveLink = function(editor) {
+                var anchor = Ckeditor.plugins.link.getSelectedLink(editor),
+                    // We need to do some special checking against widgets availability.
+                    activeWidget = editor.widgets && editor.widgets.focused;
+                // If default way of getting links didn't return anything useful..
+                if (!anchor && activeWidget && activeWidget.name === 'image' && activeWidget.parts.link) {
+                    // Since CKEditor 4.4.0 image widgets may be linked.
+                    anchor = activeWidget.parts.link;
+                }
+                return anchor;
+            };
+
+            return function(event) {
+                var editor = event.editor;
+                if (!Ckeditor.plugins.link) {
+                    return;
+                }
+                editor.addCommand( 'openLink', {
+                    exec: function(editor) {
+                        var anchor = getActiveLink(editor);
+                        if (anchor) {
+                            var href = anchor.getAttribute('href');
+                            if (href) {
+                                window.open(href);
+                            }
+                        }
+                    }
+                });
+                if (typeof editor.addMenuItem === 'function') {
+                    editor.addMenuItem('openLink', {
+                        label: Messages.openLinkInNewTab,
+                        command: 'openLink',
+                        group: 'link',
+                        order: -1
+                    });
+                }
+                if (editor.contextMenu) {
+                    editor.contextMenu.addListener(function(startElement) {
+                        if (startElement) {
+                            var anchor = getActiveLink(editor);
+                            if (anchor && anchor.getAttribute('href')) {
+                                return {openLink: Ckeditor.TRISTATE_OFF};
+                            }
+                        }
+                    });
+                    editor.contextMenu._.panelDefinition.css.push('.cke_button__openLink_icon {' +
+                        Ckeditor.skin.getIconStyle('link') + '}');
+                }
+            };
+        }
+    };
+});
diff --git a/www/pad2/main.js b/www/pad2/main.js
new file mode 100644
index 000000000..903fb0330
--- /dev/null
+++ b/www/pad2/main.js
@@ -0,0 +1,790 @@
+require(['/api/config'], function (ApiConfig) {
+    // see ckeditor_base.js getUrl()
+    window.CKEDITOR_GETURL = function (resource) {
+        if (resource.indexOf( '/' ) === 0) {
+            resource = window.CKEDITOR.basePath.replace(/\/bower_components\/.*/, '') + resource;
+        } else if (resource.indexOf(':/') === -1) {
+            resource = window.CKEDITOR.basePath + resource;
+        }
+        if (resource[resource.length - 1] !== '/' && resource.indexOf('ver=') === -1) {
+            var args = ApiConfig.requireConf.urlArgs;
+            if (resource.indexOf('/bower_components/') !== -1) {
+                args = 'ver=' + window.CKEDITOR.timestamp;
+            }
+            resource += (resource.indexOf('?') >= 0 ? '&' : '?') + args;
+        }
+        return resource;
+    };
+    require(['/bower_components/ckeditor/ckeditor.js']);
+});
+define([
+    'jquery',
+    '/bower_components/chainpad-crypto/crypto.js',
+    '/bower_components/hyperjson/hyperjson.js',
+    '/common/toolbar3.js',
+    '/common/cursor.js',
+    '/bower_components/chainpad-json-validator/json-ot.js',
+    '/common/TypingTests.js',
+    'json.sortify',
+    '/bower_components/textpatcher/TextPatcher.js',
+    '/common/cryptpad-common.js',
+    '/common/cryptget.js',
+    '/pad/links.js',
+    '/bower_components/nthen/index.js',
+    '/common/sframe-common.js',
+    '/api/config',
+    '/common/common-realtime.js',
+
+    '/bower_components/file-saver/FileSaver.min.js',
+    '/bower_components/diff-dom/diffDOM.js',
+
+    'css!/bower_components/bootstrap/dist/css/bootstrap.min.css',
+    'css!/bower_components/components-font-awesome/css/font-awesome.min.css',
+    'less!/customize/src/less/cryptpad.less',
+    'less!/customize/src/less/toolbar.less'
+], function (
+    $,
+    Crypto,
+    Hyperjson,
+    Toolbar,
+    Cursor,
+    JsonOT,
+    TypingTest,
+    JSONSortify,
+    TextPatcher,
+    Cryptpad,
+    Cryptget,
+    Links,
+    nThen,
+    SFCommon,
+    ApiConfig,
+    CommonRealtime)
+{
+    var saveAs = window.saveAs;
+    var Messages = Cryptpad.Messages;
+    var DiffDom = window.diffDOM;
+
+    var stringify = function (obj) { return JSONSortify(obj); };
+
+    window.Toolbar = Toolbar;
+    window.Hyperjson = Hyperjson;
+
+    var slice = function (coll) {
+        return Array.prototype.slice.call(coll);
+    };
+
+    var removeListeners = function (root) {
+        slice(root.attributes).map(function (attr) {
+            if (/^on/.test(attr.name)) {
+                root.attributes.removeNamedItem(attr.name);
+            }
+        });
+        slice(root.children).forEach(removeListeners);
+    };
+
+    var hjsonToDom = function (H) {
+        var dom = Hyperjson.toDOM(H);
+        removeListeners(dom);
+        return dom;
+    };
+
+    var module = window.REALTIME_MODULE = window.APP = {
+        Hyperjson: Hyperjson,
+        TextPatcher: TextPatcher,
+        logFights: true,
+        fights: [],
+        Cryptpad: Cryptpad,
+        Cursor: Cursor,
+    };
+
+    var emitResize = module.emitResize = function () {
+        var evt = window.document.createEvent('UIEvents');
+        evt.initUIEvent('resize', true, false, window, 0);
+        window.dispatchEvent(evt);
+    };
+
+    var toolbar;
+
+    var isNotMagicLine = function (el) {
+        return !(el && typeof(el.getAttribute) === 'function' &&
+            el.getAttribute('class') &&
+            el.getAttribute('class').split(' ').indexOf('non-realtime') !== -1);
+    };
+
+    /* catch `type="_moz"` before it goes over the wire */
+    var brFilter = function (hj) {
+        if (hj[1].type === '_moz') { hj[1].type = undefined; }
+        return hj;
+    };
+
+    var onConnectError = function () {
+        Cryptpad.errorLoadingScreen(Messages.websocketError);
+    };
+
+    var domFromHTML = function (html) {
+        return new DOMParser().parseFromString(html, 'text/html');
+    };
+
+    var forbiddenTags = [
+        'SCRIPT',
+        'IFRAME',
+        'OBJECT',
+        'APPLET',
+        'VIDEO',
+        'AUDIO'
+    ];
+
+    var getHTML = function (inner) {
+        return ('<!DOCTYPE html>\n' + '<html>\n' + inner.innerHTML);
+    };
+
+    var CKEDITOR_CHECK_INTERVAL = 100;
+    var ckEditorAvailable = function (cb) {
+        var intr;
+        var check = function () {
+            if (window.CKEDITOR) {
+                clearTimeout(intr);
+                cb(window.CKEDITOR);
+            }
+        };
+        intr = setInterval(function () {
+            console.log("Ckeditor was not defined. Trying again in %sms", CKEDITOR_CHECK_INTERVAL);
+            check();
+        }, CKEDITOR_CHECK_INTERVAL);
+        check();
+    };
+
+    var mkDiffOptions = function (cursor, readOnly) {
+        return {
+            preDiffApply: function (info) {
+                /*
+                    Don't accept attributes that begin with 'on'
+                    these are probably listeners, and we don't want to
+                    send scripts over the wire.
+                */
+                if (['addAttribute', 'modifyAttribute'].indexOf(info.diff.action) !== -1) {
+                    if (info.diff.name === 'href') {
+                        // console.log(info.diff);
+                        //var href = info.diff.newValue;
+
+                        // TODO normalize HTML entities
+                        if (/javascript *: */.test(info.diff.newValue)) {
+                            // TODO remove javascript: links
+                        }
+                    }
+
+                    if (/^on/.test(info.diff.name)) {
+                        console.log("Rejecting forbidden element attribute with name (%s)", info.diff.name);
+                        return true;
+                    }
+                }
+                /*
+                    Also reject any elements which would insert any one of
+                    our forbidden tag types: script, iframe, object,
+                        applet, video, or audio
+                */
+                if (['addElement', 'replaceElement'].indexOf(info.diff.action) !== -1) {
+                    if (info.diff.element && forbiddenTags.indexOf(info.diff.element.nodeName) !== -1) {
+                        console.log("Rejecting forbidden tag of type (%s)", info.diff.element.nodeName);
+                        return true;
+                    } else if (info.diff.newValue && forbiddenTags.indexOf(info.diff.newValue.nodeType) !== -1) {
+                        console.log("Rejecting forbidden tag of type (%s)", info.diff.newValue.nodeName);
+                        return true;
+                    }
+                }
+
+                if (info.node && info.node.tagName === 'BODY') {
+                    if (info.diff.action === 'removeAttribute' &&
+                        ['class', 'spellcheck'].indexOf(info.diff.name) !== -1) {
+                        return true;
+                    }
+                }
+
+                /* DiffDOM will filter out magicline plugin elements
+                    in practice this will make it impossible to use it
+                    while someone else is typing, which could be annoying.
+
+                    we should check when such an element is going to be
+                    removed, and prevent that from happening. */
+                if (info.node && info.node.tagName === 'SPAN' &&
+                    info.node.getAttribute('contentEditable') === "false") {
+                    // it seems to be a magicline plugin element...
+                    if (info.diff.action === 'removeElement') {
+                        // and you're about to remove it...
+                        // this probably isn't what you want
+
+                        /*
+                            I have never seen this in the console, but the
+                            magic line is still getting removed on remote
+                            edits. This suggests that it's getting removed
+                            by something other than diffDom.
+                        */
+                        console.log("preventing removal of the magic line!");
+
+                        // return true to prevent diff application
+                        return true;
+                    }
+                }
+
+                // Do not change the contenteditable value in view mode
+                if (readOnly && info.node && info.node.tagName === 'BODY' &&
+                    info.diff.action === 'modifyAttribute' && info.diff.name === 'contenteditable') {
+                    return true;
+                }
+
+                // no use trying to recover the cursor if it doesn't exist
+                if (!cursor.exists()) { return; }
+
+                /*  frame is either 0, 1, 2, or 3, depending on which
+                    cursor frames were affected: none, first, last, or both
+                */
+                var frame = info.frame = cursor.inNode(info.node);
+
+                if (!frame) { return; }
+
+                if (typeof info.diff.oldValue === 'string' && typeof info.diff.newValue === 'string') {
+                    var pushes = cursor.pushDelta(info.diff.oldValue, info.diff.newValue);
+
+                    if (frame & 1) {
+                        // push cursor start if necessary
+                        if (pushes.commonStart < cursor.Range.start.offset) {
+                            cursor.Range.start.offset += pushes.delta;
+                        }
+                    }
+                    if (frame & 2) {
+                        // push cursor end if necessary
+                        if (pushes.commonStart < cursor.Range.end.offset) {
+                            cursor.Range.end.offset += pushes.delta;
+                        }
+                    }
+                }
+            },
+            postDiffApply: function (info) {
+                if (info.frame) {
+                    if (info.node) {
+                        if (info.frame & 1) { cursor.fixStart(info.node); }
+                        if (info.frame & 2) { cursor.fixEnd(info.node); }
+                    } else { console.error("info.node did not exist"); }
+
+                    var sel = cursor.makeSelection();
+                    var range = cursor.makeRange();
+
+                    cursor.fixSelection(sel, range);
+                }
+            }
+        };
+    };
+
+    ////////////////////////////////////////////////////////////////////////////////////////////////////////////
+    ////////////////////////////////////////////////////////////////////////////////////////////////////////////
+    ////////////////////////////////////////////////////////////////////////////////////////////////////////////
+    ////////////////////////////////////////////////////////////////////////////////////////////////////////////
+    ////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+    var andThen = function (editor, Ckeditor, common) {
+        //var $iframe = $('#pad-iframe').contents();
+        //var secret = Cryptpad.getSecrets();
+        //var readOnly = secret.keys && !secret.keys.editKeyStr;
+        //if (!secret.keys) {
+        //    secret.keys = secret.key;
+        //}
+        var readOnly = false; // TODO
+        var cpNfInner;
+        var metadataMgr;
+        var onLocal;
+
+        var $bar = $('#cke_1_toolbox');
+
+        var $html = $bar.closest('html');
+        var $faLink = $html.find('head link[href*="/bower_components/components-font-awesome/css/font-awesome.min.css"]');
+        if ($faLink.length) {
+            $html.find('iframe').contents().find('head').append($faLink.clone());
+        }
+        var isHistoryMode = false;
+
+        if (readOnly) {
+            $('#cke_1_toolbox > .cke_toolbox_main').hide();
+        }
+
+        /* add a class to the magicline plugin so we can pick it out more easily */
+
+        var ml = Ckeditor.instances.editor1.plugins.magicline.backdoor.that.line.$;
+        [ml, ml.parentElement].forEach(function (el) {
+            el.setAttribute('class', 'non-realtime');
+        });
+
+        var ifrWindow = $html.find('iframe')[0].contentWindow;
+
+        var documentBody = ifrWindow.document.body;
+
+        var inner = window.inner = documentBody;
+
+        var cursor = module.cursor = Cursor(inner);
+
+        var openLink = function (e) {
+            var el = e.currentTarget;
+            if (!el || el.nodeName !== 'A') { return; }
+            var href = el.getAttribute('href');
+            if (href) { ifrWindow.open(href, '_blank'); }
+        };
+
+        var setEditable = module.setEditable = function (bool) {
+            if (bool) {
+                $(inner).css({
+                    color: '#333',
+                });
+            }
+            if (!readOnly || !bool) {
+                inner.setAttribute('contenteditable', bool);
+            }
+        };
+
+        CommonRealtime.onInfiniteSpinner(function () { setEditable(false); });
+
+        // don't let the user edit until the pad is ready
+        setEditable(false);
+
+        var initializing = true;
+
+        var Title;
+        //var UserList;
+        //var Metadata;
+
+        var getHeadingText = function () {
+            var text;
+            if (['h1', 'h2', 'h3'].some(function (t) {
+                var $header = $(inner).find(t + ':first-of-type');
+                if ($header.length && $header.text()) {
+                    text = $header.text();
+                    return true;
+                }
+            })) { return text; }
+        };
+
+        var DD = new DiffDom(mkDiffOptions(cursor, readOnly));
+
+        // apply patches, and try not to lose the cursor in the process!
+        var applyHjson = function (shjson) {
+            var userDocStateDom = hjsonToDom(JSON.parse(shjson));
+
+            if (!readOnly && !initializing) {
+                userDocStateDom.setAttribute("contenteditable", "true"); // lol wtf
+            }
+            var patch = (DD).diff(inner, userDocStateDom);
+            (DD).apply(inner, patch);
+            if (readOnly) {
+                var $links = $(inner).find('a');
+                // off so that we don't end up with multiple identical handlers
+                $links.off('click', openLink).on('click', openLink);
+            }
+        };
+
+        var stringifyDOM = module.stringifyDOM = function (dom) {
+            var hjson = Hyperjson.fromDOM(dom, isNotMagicLine, brFilter);
+            hjson[3] = {
+                metadata: metadataMgr.getMetadataLazy()
+            };
+            /*hjson[3] = { TODO
+                    users: UserList.userData,
+                    defaultTitle: Title.defaultTitle,
+                    type: 'pad'
+                }
+            };
+            if (!initializing) {
+                hjson[3].metadata.title = Title.title;
+            } else if (Cryptpad.initialName && !hjson[3].metadata.title) {
+                hjson[3].metadata.title = Cryptpad.initialName;
+            }*/
+            return stringify(hjson);
+        };
+
+        var realtimeOptions = {
+            readOnly: readOnly,
+            // really basic operational transform
+            transformFunction : JsonOT.validate,
+            // cryptpad debug logging (default is 1)
+            // logLevel: 0,
+            validateContent: function (content) {
+                try {
+                    JSON.parse(content);
+                    return true;
+                } catch (e) {
+                    console.log("Failed to parse, rejecting patch");
+                    return false;
+                }
+            }
+        };
+
+        var setHistory = function (bool, update) {
+            isHistoryMode = bool;
+            setEditable(!bool);
+            if (!bool && update) {
+                realtimeOptions.onRemote();
+            }
+        };
+
+        realtimeOptions.onRemote = function () {
+            if (initializing) { return; }
+            if (isHistoryMode) { return; }
+
+            var oldShjson = stringifyDOM(inner);
+
+            var shjson = module.realtime.getUserDoc();
+
+            // remember where the cursor is
+            cursor.update();
+
+            // Update the user list (metadata) from the hyperjson
+            // TODO Metadata.update(shjson);
+
+            var newInner = JSON.parse(shjson);
+            var newSInner;
+            if (newInner.length > 2) {
+                newSInner = stringify(newInner[2]);
+            }
+
+            if (newInner[3]) {
+                metadataMgr.updateMetadata(newInner[3].metadata);
+            }
+
+            // build a dom from HJSON, diff, and patch the editor
+            applyHjson(shjson);
+
+            if (!readOnly) {
+                var shjson2 = stringifyDOM(inner);
+
+                // TODO
+                //shjson = JSON.stringify(JSON.parse(shjson).slice(0,3));
+
+                if (shjson2 !== shjson) {
+                    console.error("shjson2 !== shjson");
+                    module.patchText(shjson2);
+
+                    /*  pushing back over the wire is necessary, but it can
+                        result in a feedback loop, which we call a browser
+                        fight */
+                    if (module.logFights) {
+                        // what changed?
+                        var op = TextPatcher.diff(shjson, shjson2);
+                        // log the changes
+                        TextPatcher.log(shjson, op);
+                        var sop = JSON.stringify(TextPatcher.format(shjson, op));
+
+                        var index = module.fights.indexOf(sop);
+                        if (index === -1) {
+                            module.fights.push(sop);
+                            console.log("Found a new type of browser disagreement");
+                            console.log("You can inspect the list in your " +
+                                "console at `REALTIME_MODULE.fights`");
+                            console.log(module.fights);
+                        } else {
+                            console.log("Encountered a known browser disagreement: " +
+                                "available at `REALTIME_MODULE.fights[%s]`", index);
+                        }
+                    }
+                }
+            }
+
+            // Notify only when the content has changed, not when someone has joined/left
+            var oldSInner = stringify(JSON.parse(oldShjson)[2]);
+            if (newSInner && newSInner !== oldSInner) {
+                Cryptpad.notify();
+            }
+        };
+
+        var exportFile = function () {
+            var html = getHTML(inner);
+            var suggestion = Title.suggestTitle('cryptpad-document');
+            Cryptpad.prompt(Messages.exportPrompt,
+                Cryptpad.fixFileName(suggestion) + '.html', function (filename) {
+                if (!(typeof(filename) === 'string' && filename)) { return; }
+                var blob = new Blob([html], {type: "text/html;charset=utf-8"});
+                saveAs(blob, filename);
+            });
+        };
+        var importFile = function (content) {
+            var shjson = stringify(Hyperjson.fromDOM(domFromHTML(content).body));
+            applyHjson(shjson);
+            realtimeOptions.onLocal();
+        };
+
+        realtimeOptions.onInit = function (info) {
+            readOnly = metadataMgr.getPrivateData().readOnly;
+            console.log('onInit');
+            var titleCfg = { getHeadingText: getHeadingText };
+            Title = common.createTitle(titleCfg, realtimeOptions.onLocal, common, metadataMgr);
+            var configTb = {
+                displayed: ['userlist', 'title', 'useradmin', 'spinner', 'newpad', 'share', 'limit'],
+                title: Title.getTitleConfig(),
+                metadataMgr: metadataMgr,
+                readOnly: readOnly,
+                ifrw: window,
+                realtime: info.realtime,
+                common: Cryptpad,
+                sfCommon: common,
+                $container: $bar,
+                $contentContainer: $('#cke_1_contents'),
+            };
+            toolbar = info.realtime.toolbar = Toolbar.create(configTb);
+            Title.setToolbar(toolbar);
+
+            var $rightside = toolbar.$rightside;
+            var $drawer = toolbar.$drawer;
+
+            var src = 'less!/customize/src/less/toolbar.less';
+            require([
+                src
+            ], function () {
+                var $html = $bar.closest('html');
+                $html
+                    .find('head style[data-original-src="' + src.replace(/less!/, '') + '"]')
+                    .appendTo($html.find('head'));
+            });
+
+            $bar.find('#cke_1_toolbar_collapser').hide();
+            if (!readOnly) {
+                // Expand / collapse the toolbar
+                var $collapse = Cryptpad.createButton(null, true);
+                $collapse.removeClass('fa-question');
+                var updateIcon = function () {
+                    $collapse.removeClass('fa-caret-down').removeClass('fa-caret-up');
+                    var isCollapsed = !$bar.find('.cke_toolbox_main').is(':visible');
+                    if (isCollapsed) {
+                        if (!initializing) { common.feedback('HIDETOOLBAR_PAD'); }
+                        $collapse.addClass('fa-caret-down');
+                    }
+                    else {
+                        if (!initializing) { common.feedback('SHOWTOOLBAR_PAD'); }
+                        $collapse.addClass('fa-caret-up');
+                    }
+                };
+                updateIcon();
+                $collapse.click(function () {
+                    $(window).trigger('resize');
+                    $('.cke_toolbox_main').toggle();
+                    $(window).trigger('cryptpad-ck-toolbar');
+                    updateIcon();
+                });
+                $rightside.append($collapse);
+            } else {
+                $('.cke_toolbox_main').hide();
+            }
+
+            /* add a history button */
+            var histConfig = {
+                onLocal: realtimeOptions.onLocal,
+                onRemote: realtimeOptions.onRemote,
+                setHistory: setHistory,
+                applyVal: function (val) { applyHjson(val || '["BODY",{},[]]'); },
+                $toolbar: $bar
+            };
+            var $hist = common.createButton('history', true, {histConfig: histConfig});
+            $drawer.append($hist);
+
+            if (!metadataMgr.getPrivateData().isTemplate) {
+                var templateObj = {
+                    rt: info.realtime,
+                    getTitle: function () { return metadataMgr.getMetadata().title; }
+                };
+                var $templateButton = common.createButton('template', true, templateObj);
+                $rightside.append($templateButton);
+            }
+
+            /* add an export button */
+            var $export = Cryptpad.createButton('export', true, {}, exportFile);
+            $drawer.append($export);
+
+            if (!readOnly) {
+                /* add an import button */
+                var $import = Cryptpad.createButton('import', true, {
+                    accept: 'text/html'
+                }, importFile);
+                $drawer.append($import);
+            }
+
+            /* add a forget button */
+            var forgetCb = function (err) {
+                if (err) { return; }
+                setEditable(false);
+            };
+            var $forgetPad = common.createButton('forget', true, {}, forgetCb);
+            $rightside.append($forgetPad);
+        };
+
+        // this should only ever get called once, when the chain syncs
+        realtimeOptions.onReady = function (info) {
+            console.log('onReady');
+            if (!module.isMaximized) {
+                module.isMaximized = true;
+                $('iframe.cke_wysiwyg_frame').css('width', '');
+                $('iframe.cke_wysiwyg_frame').css('height', '');
+            }
+            $('body').addClass('app-pad');
+
+            if (module.realtime !== info.realtime) {
+                module.patchText = TextPatcher.create({
+                    realtime: info.realtime,
+                    //logging: true,
+                });
+            }
+
+            module.realtime = info.realtime;
+
+            var shjson = module.realtime.getUserDoc();
+
+            var newPad = false;
+            if (shjson === '') { newPad = true; }
+
+            if (!newPad) {
+                applyHjson(shjson);
+
+                // Update the user list (metadata) from the hyperjson
+                // XXX Metadata.update(shjson);
+                var parsed = JSON.parse(shjson);
+                if (parsed[3] && parsed[3].metadata) {
+                    metadataMgr.updateMetadata(parsed[3].metadata);
+                }
+
+                if (!readOnly) {
+                    var shjson2 = stringifyDOM(inner);
+                    var hjson2 = JSON.parse(shjson2).slice(0,3);
+                    var hjson = JSON.parse(shjson).slice(0,3);
+                    if (stringify(hjson2) !== stringify(hjson)) {
+                        console.log('err');
+                        console.error("shjson2 !== shjson");
+                        console.log(stringify(hjson2));
+                        console.log(stringify(hjson));
+                        Cryptpad.errorLoadingScreen(Messages.wrongApp);
+                        throw new Error();
+                    }
+                }
+            } else {
+                Title.updateTitle(Cryptpad.initialName || Title.defaultTitle);
+                documentBody.innerHTML = Messages.initialState;
+            }
+
+            Cryptpad.removeLoadingScreen(emitResize);
+            setEditable(!readOnly);
+            initializing = false;
+
+            if (readOnly) { return; }
+            //TODO UserList.getLastName(toolbar.$userNameButton, newPad);
+            onLocal();
+            editor.focus();
+            if (newPad) {
+                cursor.setToEnd();
+            } else {
+                cursor.setToStart();
+            }
+        };
+
+        realtimeOptions.onConnectionChange = function (info) {
+            setEditable(info.state);
+            //toolbar.failed(); TODO
+            if (info.state) {
+                initializing = true;
+                //toolbar.reconnecting(info.myId); // TODO
+                Cryptpad.findOKButton().click();
+            } else {
+                Cryptpad.alert(Messages.common_connectionLost, undefined, true);
+            }
+        };
+
+        realtimeOptions.onError = onConnectError;
+
+        onLocal = realtimeOptions.onLocal = function () {
+            console.log('onlocal');
+            if (initializing) { return; }
+            if (isHistoryMode) { return; }
+            if (readOnly) { return; }
+
+            // stringify the json and send it into chainpad
+            var shjson = stringifyDOM(inner);
+
+            module.patchText(shjson);
+            if (module.realtime.getUserDoc() !== shjson) {
+                console.error("realtime.getUserDoc() !== shjson");
+            }
+        };
+
+        cpNfInner = common.startRealtime(realtimeOptions);
+        metadataMgr = cpNfInner.metadataMgr;
+
+        Cryptpad.onLogout(function () { setEditable(false); });
+
+        /* hitting enter makes a new line, but places the cursor inside
+            of the <br> instead of the <p>. This makes it such that you
+            cannot type until you click, which is rather unnacceptable.
+            If the cursor is ever inside such a <br>, you probably want
+            to push it out to the parent element, which ought to be a
+            paragraph tag. This needs to be done on keydown, otherwise
+            the first such keypress will not be inserted into the P. */
+        inner.addEventListener('keydown', cursor.brFix);
+
+        editor.on('change', onLocal);
+
+        // export the typing tests to the window.
+        // call like `test = easyTest()`
+        // terminate the test like `test.cancel()`
+        window.easyTest = function () {
+            cursor.update();
+            var start = cursor.Range.start;
+            var test = TypingTest.testInput(inner, start.el, start.offset, onLocal);
+            onLocal();
+            return test;
+        };
+
+        $bar.find('.cke_button').click(function () {
+            var e = this;
+            var classString = e.getAttribute('class');
+            var classes = classString.split(' ').filter(function (c) {
+                return /cke_button__/.test(c);
+            });
+
+            var id = classes[0];
+            if (typeof(id) === 'string') {
+                common.feedback(id.toUpperCase());
+            }
+        });
+    };
+
+    var main = function () {
+        var Ckeditor;
+        var editor;
+        var common;
+
+        nThen(function (waitFor) {
+            ckEditorAvailable(waitFor(function (ck) {
+                Ckeditor = ck;
+                require(['/pad2/wysiwygarea-plugin.js'], waitFor());
+            }));
+            $(waitFor(function () {
+                Cryptpad.addLoadingScreen();
+            }));
+            SFCommon.create(waitFor(function (c) { module.common = common = c; }));
+        }).nThen(function (waitFor) {
+            Ckeditor.config.toolbarCanCollapse = true;
+            if (screen.height < 800) {
+                Ckeditor.config.toolbarStartupExpanded = false;
+                $('meta[name=viewport]').attr('content', 'width=device-width, initial-scale=1.0, user-scalable=no');
+            } else {
+                $('meta[name=viewport]').attr('content', 'width=device-width, initial-scale=1.0, user-scalable=yes');
+            }
+            // Used in ckeditor-config.js
+            Ckeditor.CRYPTPAD_URLARGS = ApiConfig.requireConf.urlArgs;
+            editor = Ckeditor.replace('editor1', {
+                customConfig: '/customize/ckeditor-config.js',
+            });
+            editor.on('instanceReady', waitFor());
+        }).nThen(function (/*waitFor*/) {
+            Links.addSupportForOpeningLinksInNewTab(Ckeditor);
+            Cryptpad.onError(function (info) {
+                if (info && info.type === "store") {
+                    onConnectError();
+                }
+            });
+            andThen(editor, Ckeditor, common);
+        });
+    };
+    main();
+});
diff --git a/www/pad2/outer.js b/www/pad2/outer.js
new file mode 100644
index 000000000..ef9464c10
--- /dev/null
+++ b/www/pad2/outer.js
@@ -0,0 +1,224 @@
+// Load #1, load as little as possible because we are in a race to get the loading screen up.
+define([
+    '/bower_components/nthen/index.js',
+    '/api/config',
+    'jquery',
+    '/common/requireconfig.js'
+], function (nThen, ApiConfig, $, RequireConfig) {
+    var requireConfig = RequireConfig();
+
+    // Loaded in load #2
+    var CpNfOuter;
+    var Cryptpad;
+    var Crypto;
+    var Cryptget;
+
+    var sframeChan;
+    var secret;
+    var hashes;
+
+    nThen(function (waitFor) {
+        $(waitFor());
+    }).nThen(function (waitFor) {
+        var req = {
+            cfg: requireConfig,
+            req: [ '/common/loading.js' ],
+            pfx: window.location.origin
+        };
+        window.rc = requireConfig;
+        window.apiconf = ApiConfig;
+        $('#sbox-iframe').attr('src',
+            ApiConfig.httpSafeOrigin + '/pad2/inner.html?' + requireConfig.urlArgs +
+                '#' + encodeURIComponent(JSON.stringify(req)));
+
+        // This is a cheap trick to avoid loading sframe-channel in parallel with the
+        // loading screen setup.
+        var done = waitFor();
+        var onMsg = function (msg) {
+            var data = JSON.parse(msg.data);
+            if (data.q !== 'READY') { return; }
+            window.removeEventListener('message', onMsg);
+            var _done = done;
+            done = function () { };
+            _done();
+        };
+        window.addEventListener('message', onMsg);
+
+    }).nThen(function (waitFor) {
+        // Load #2, the loading screen is up so grab whatever you need...
+        require([
+            '/common/sframe-chainpad-netflux-outer.js',
+            '/common/cryptpad-common.js',
+            '/bower_components/chainpad-crypto/crypto.js',
+            '/common/cryptget.js',
+            '/common/sframe-channel.js',
+        ], waitFor(function (_CpNfOuter, _Cryptpad, _Crypto, _Cryptget, SFrameChannel) {
+            CpNfOuter = _CpNfOuter;
+            Cryptpad = _Cryptpad;
+            Crypto = _Crypto;
+            Cryptget = _Cryptget;
+            SFrameChannel.create($('#sbox-iframe')[0].contentWindow, waitFor(function (sfc) {
+                sframeChan = sfc;
+            }));
+            Cryptpad.ready(waitFor());
+        }));
+    }).nThen(function (waitFor) {
+        secret = Cryptpad.getSecrets();
+        if (!secret.channel) {
+            // New pad: create a new random channel id
+            secret.channel = Cryptpad.createChannelId();
+        }
+        Cryptpad.getShareHashes(secret, waitFor(function (err, h) { hashes = h; }));
+    }).nThen(function (/*waitFor*/) {
+        var readOnly = secret.keys && !secret.keys.editKeyStr;
+        if (!secret.keys) { secret.keys = secret.key; }
+        var parsed = Cryptpad.parsePadUrl(window.location.href);
+        parsed.type = parsed.type.replace('pad2', 'pad');
+        if (!parsed.type) { throw new Error(); }
+        var defaultTitle = Cryptpad.getDefaultName(parsed);
+        var updateMeta = function () {
+            //console.log('EV_METADATA_UPDATE');
+            var name;
+            nThen(function (waitFor) {
+                Cryptpad.getLastName(waitFor(function (err, n) {
+                    if (err) { console.log(err); }
+                    name = n;
+                }));
+            }).nThen(function (/*waitFor*/) {
+                sframeChan.event('EV_METADATA_UPDATE', {
+                    doc: {
+                        defaultTitle: defaultTitle,
+                        type: parsed.type
+                    },
+                    user: {
+                        name: name,
+                        uid: Cryptpad.getUid(),
+                        avatar: Cryptpad.getAvatarUrl(),
+                        profile: Cryptpad.getProfileUrl(),
+                        curvePublic: Cryptpad.getProxy().curvePublic,
+                        netfluxId: Cryptpad.getNetwork().webChannels[0].myID,
+                    },
+                    priv: {
+                        accountName: Cryptpad.getAccountName(),
+                        origin: window.location.origin,
+                        pathname: window.location.pathname,
+                        readOnly: readOnly,
+                        availableHashes: hashes,
+                        isTemplate: Cryptpad.isTemplate(window.location.href),
+                        feedbackAllowed: Cryptpad.isFeedbackAllowed()
+                    }
+                });
+            });
+        };
+        Cryptpad.onDisplayNameChanged(updateMeta);
+        sframeChan.onReg('EV_METADATA_UPDATE', updateMeta);
+
+        Cryptpad.onError(function (info) {
+            console.log('error');
+            console.log(info);
+            if (info && info.type === "store") {
+                //onConnectError();
+            }
+        });
+
+        sframeChan.on('Q_ANON_RPC_MESSAGE', function (data, cb) {
+            Cryptpad.anonRpcMsg(data.msg, data.content, function (err, response) {
+                cb({error: err, response: response});
+            });
+        });
+
+        sframeChan.on('Q_SET_PAD_TITLE_IN_DRIVE', function (newTitle, cb) {
+            Cryptpad.renamePad(newTitle, undefined, function (err) {
+                if (err) { cb('ERROR'); } else { cb(); }
+            });
+        });
+
+        sframeChan.on('Q_SETTINGS_SET_DISPLAY_NAME', function (newName, cb) {
+            Cryptpad.setAttribute('username', newName, function (err) {
+                if (err) {
+                    console.log("Couldn't set username");
+                    console.error(err);
+                    cb('ERROR');
+                    return;
+                }
+                Cryptpad.changeDisplayName(newName, true);
+                cb();
+            });
+        });
+
+        sframeChan.on('Q_LOGOUT', function (data, cb) {
+            Cryptpad.logout(cb);
+        });
+
+        sframeChan.on('Q_SET_LOGIN_REDIRECT', function (data, cb) {
+            sessionStorage.redirectTo = window.location.href;
+            cb();
+        });
+
+        sframeChan.on('Q_GET_PIN_LIMIT_STATUS', function (data, cb) {
+            Cryptpad.isOverPinLimit(function (e, overLimit, limits) {
+                cb({
+                    error: e,
+                    overLimit: overLimit,
+                    limits: limits
+                });
+            });
+        });
+
+        sframeChan.on('Q_MOVE_TO_TRASH', function (data, cb) {
+            Cryptpad.moveToTrash(cb);
+        });
+
+        sframeChan.on('Q_SAVE_AS_TEMPLATE', function (data, cb) {
+            Cryptpad.saveAsTemplate(Cryptget.put, data, cb);
+        });
+
+        sframeChan.on('Q_GET_FULL_HISTORY', function (data, cb) {
+            var network = Cryptpad.getNetwork();
+            var hkn = network.historyKeeper;
+            var crypto = Crypto.createEncryptor(secret.keys);
+            // Get the history messages and send them to the iframe
+            var parse = function (msg) {
+                try {
+                    return JSON.parse(msg);
+                } catch (e) {
+                    return null;
+                }
+            };
+            var onMsg = function (msg) {
+                var parsed = parse(msg);
+                if (parsed[0] === 'FULL_HISTORY_END') {
+                    console.log('END');
+                    cb();
+                    return;
+                }
+                if (parsed[0] !== 'FULL_HISTORY') { return; }
+                if (parsed[1] && parsed[1].validateKey) { // First message
+                    secret.keys.validateKey = parsed[1].validateKey;
+                    return;
+                }
+                msg = parsed[1][4];
+                if (msg) {
+                    msg = msg.replace(/^cp\|/, '');
+                    var decryptedMsg = crypto.decrypt(msg, secret.keys.validateKey);
+                    sframeChan.event('EV_RT_HIST_MESSAGE', decryptedMsg);
+                }
+            };
+            network.on('message', onMsg);
+            network.sendto(hkn, JSON.stringify(['GET_FULL_HISTORY', secret.channel, secret.keys.validateKey]));
+        });
+
+        CpNfOuter.start({
+            sframeChan: sframeChan,
+            channel: secret.channel,
+            network: Cryptpad.getNetwork(),
+            validateKey: secret.keys.validateKey || undefined,
+            readOnly: readOnly,
+            crypto: Crypto.createEncryptor(secret.keys),
+            onConnect: function (wc) {
+                if (readOnly) { return; }
+                Cryptpad.replaceHash(Cryptpad.getEditHashFromKeys(wc.id, secret.keys));
+            }
+        });
+    });
+});
diff --git a/www/pad2/wysiwygarea-plugin.js b/www/pad2/wysiwygarea-plugin.js
new file mode 100644
index 000000000..c7f827000
--- /dev/null
+++ b/www/pad2/wysiwygarea-plugin.js
@@ -0,0 +1,735 @@
+/**
+ * @license Copyright (c) 2003-2017, CKSource - Frederico Knabben. All rights reserved.
+ * For licensing, see LICENSE.md or http://ckeditor.com/license
+ */
+
+/**
+ * @fileOverview The WYSIWYG Area plugin. It registers the "wysiwyg" editing
+ *		mode, which handles the main editing area space.
+ */
+
+define(['/api/config'], function (ApiConfig) {
+    var framedWysiwyg;
+	var iframe;
+
+	CKEDITOR.plugins.registered.wysiwygarea.init = function( editor ) {
+        if ( editor.config.fullPage ) {
+            editor.addFeature( {
+                allowedContent: 'html head title; style [media,type]; body (*)[id]; meta link [*]',
+                requiredContent: 'body'
+            } );
+        }
+
+        editor.addMode( 'wysiwyg', function( callback ) {
+            var src = 'document.open();' +
+                // In IE, the document domain must be set any time we call document.open().
+                ( CKEDITOR.env.ie ? '(' + CKEDITOR.tools.fixDomain + ')();' : '' ) +
+                'document.close();';
+
+            // With IE, the custom domain has to be taken care at first,
+            // for other browers, the 'src' attribute should be left empty to
+            // trigger iframe's 'load' event.
+            // Microsoft Edge throws "Permission Denied" if treated like an IE (http://dev.ckeditor.com/ticket/13441).
+            if ( CKEDITOR.env.air ) {
+                src = 'javascript:void(0)'; // jshint ignore:line
+            } else if ( CKEDITOR.env.ie && !CKEDITOR.env.edge ) {
+                src = 'javascript:void(function(){' + encodeURIComponent( src ) + '}())'; // jshint ignore:line
+            } else {
+                src = '';
+            }
+            
+            // CryptPad
+            src = '/pad/ckeditor-inner.html?' + ApiConfig.requireConf.urlArgs;
+
+            iframe = CKEDITOR.dom.element.createFromHtml( '<iframe src="' + src + '" frameBorder="0"></iframe>' );
+            iframe.setStyles( { width: '100%', height: '100%' } );
+            iframe.addClass( 'cke_wysiwyg_frame' ).addClass( 'cke_reset' );
+            
+            // CryptPad
+            // this is impossible because ckeditor uses some (non-inline) script inside of the iframe...
+            //iframe.setAttribute('sandbox', 'allow-same-origin');
+
+            var contentSpace = editor.ui.space( 'contents' );
+            contentSpace.append( iframe );
+
+
+            // Asynchronous iframe loading is only required in IE>8 and Gecko (other reasons probably).
+            // Do not use it on WebKit as it'll break the browser-back navigation.
+            var useOnloadEvent = ( CKEDITOR.env.ie && !CKEDITOR.env.edge ) || CKEDITOR.env.gecko;
+            if ( useOnloadEvent )
+                iframe.on( 'load', onLoad );
+
+            var frameLabel = editor.title,
+                helpLabel = editor.fire( 'ariaEditorHelpLabel', {} ).label;
+
+            if ( frameLabel ) {
+                if ( CKEDITOR.env.ie && helpLabel )
+                    frameLabel += ', ' + helpLabel;
+
+                iframe.setAttribute( 'title', frameLabel );
+            }
+
+            if ( helpLabel ) {
+                var labelId = CKEDITOR.tools.getNextId(),
+                    desc = CKEDITOR.dom.element.createFromHtml( '<span id="' + labelId + '" class="cke_voice_label">' + helpLabel + '</span>' );
+
+                contentSpace.append( desc, 1 );
+                iframe.setAttribute( 'aria-describedby', labelId );
+            }
+
+            // Remove the ARIA description.
+            editor.on( 'beforeModeUnload', function( evt ) {
+                evt.removeListener();
+                if ( desc )
+                    desc.remove();
+            } );
+
+            iframe.setAttributes( {
+                tabIndex: editor.tabIndex,
+                allowTransparency: 'true'
+            } );
+
+            // Execute onLoad manually for all non IE||Gecko browsers.
+            !useOnloadEvent && onLoad();
+
+            editor.fire( 'ariaWidget', iframe );
+
+            function onLoad( evt ) {
+                evt && evt.removeListener();
+                var fw = new framedWysiwyg( editor, iframe.$.contentWindow.document.body );
+                editor.editable( fw );
+                editor.setData( editor.getData( 1 ), callback );
+            }
+        } );
+    };
+
+	/**
+	 * Adds the path to a stylesheet file to the exisiting {@link CKEDITOR.config#contentsCss} value.
+	 *
+	 * **Note:** This method is available only with the `wysiwygarea` plugin and only affects
+	 * classic editors based on it (so it does not affect inline editors).
+	 *
+	 *		editor.addContentsCss( 'assets/contents.css' );
+	 *
+	 * @since 4.4
+	 * @param {String} cssPath The path to the stylesheet file which should be added.
+	 * @member CKEDITOR.editor
+	 */
+	CKEDITOR.editor.prototype.addContentsCss = function( cssPath ) {
+		var cfg = this.config,
+			curContentsCss = cfg.contentsCss;
+
+		// Convert current value into array.
+		if ( !CKEDITOR.tools.isArray( curContentsCss ) )
+			cfg.contentsCss = curContentsCss ? [ curContentsCss ] : [];
+
+		cfg.contentsCss.push( cssPath );
+	};
+
+	function onDomReady( win ) {
+		var editor = this.editor,
+			doc = win.document,
+			body = doc.body;
+
+		// Remove helper scripts from the DOM.
+		var script = doc.getElementById( 'cke_actscrpt' );
+		script && script.parentNode.removeChild( script );
+		script = doc.getElementById( 'cke_shimscrpt' );
+		script && script.parentNode.removeChild( script );
+		script = doc.getElementById( 'cke_basetagscrpt' );
+		script && script.parentNode.removeChild( script );
+
+		body.contentEditable = true;
+
+		if ( CKEDITOR.env.ie ) {
+			// Don't display the focus border.
+			body.hideFocus = true;
+
+			// Disable and re-enable the body to avoid IE from
+			// taking the editing focus at startup. (http://dev.ckeditor.com/ticket/141 / http://dev.ckeditor.com/ticket/523)
+			body.disabled = true;
+			body.removeAttribute( 'disabled' );
+		}
+
+		delete this._.isLoadingData;
+
+		// Play the magic to alter element reference to the reloaded one.
+		this.$ = body;
+
+		doc = new CKEDITOR.dom.document( doc );
+
+		this.setup();
+		this.fixInitialSelection();
+
+		var editable = this;
+
+		// Without it IE8 has problem with removing selection in nested editable. (http://dev.ckeditor.com/ticket/13785)
+		if ( CKEDITOR.env.ie && !CKEDITOR.env.edge ) {
+			doc.getDocumentElement().addClass( doc.$.compatMode );
+		}
+
+		// Prevent IE/Edge from leaving a new paragraph/div after deleting all contents in body. (http://dev.ckeditor.com/ticket/6966, http://dev.ckeditor.com/ticket/13142)
+		if ( CKEDITOR.env.ie && !CKEDITOR.env.edge && editor.enterMode != CKEDITOR.ENTER_P ) {
+			removeSuperfluousElement( 'p' );
+		} else if ( CKEDITOR.env.edge && editor.enterMode != CKEDITOR.ENTER_DIV ) {
+			removeSuperfluousElement( 'div' );
+		}
+
+		// Fix problem with cursor not appearing in Webkit and IE11+ when clicking below the body (http://dev.ckeditor.com/ticket/10945, http://dev.ckeditor.com/ticket/10906).
+		// Fix for older IEs (8-10 and QM) is placed inside selection.js.
+		if ( CKEDITOR.env.webkit || ( CKEDITOR.env.ie && CKEDITOR.env.version > 10 ) ) {
+			doc.getDocumentElement().on( 'mousedown', function( evt ) {
+				if ( evt.data.getTarget().is( 'html' ) ) {
+					// IE needs this timeout. Webkit does not, but it does not cause problems too.
+					setTimeout( function() {
+						editor.editable().focus();
+					} );
+				}
+			} );
+		}
+
+		// Config props: disableObjectResizing and disableNativeTableHandles handler.
+		objectResizeDisabler( editor );
+
+		// Enable dragging of position:absolute elements in IE.
+		try {
+			editor.document.$.execCommand( '2D-position', false, true );
+		} catch ( e ) {}
+
+		if ( CKEDITOR.env.gecko || CKEDITOR.env.ie && editor.document.$.compatMode == 'CSS1Compat' ) {
+			this.attachListener( this, 'keydown', function( evt ) {
+				var keyCode = evt.data.getKeystroke();
+
+				// PageUp OR PageDown
+				if ( keyCode == 33 || keyCode == 34 ) {
+					// PageUp/PageDown scrolling is broken in document
+					// with standard doctype, manually fix it. (http://dev.ckeditor.com/ticket/4736)
+					if ( CKEDITOR.env.ie ) {
+						setTimeout( function() {
+							editor.getSelection().scrollIntoView();
+						}, 0 );
+					}
+					// Page up/down cause editor selection to leak
+					// outside of editable thus we try to intercept
+					// the behavior, while it affects only happen
+					// when editor contents are not overflowed. (http://dev.ckeditor.com/ticket/7955)
+					else if ( editor.window.$.innerHeight > this.$.offsetHeight ) {
+						var range = editor.createRange();
+						range[ keyCode == 33 ? 'moveToElementEditStart' : 'moveToElementEditEnd' ]( this );
+						range.select();
+						evt.data.preventDefault();
+					}
+				}
+			} );
+		}
+
+		if ( CKEDITOR.env.ie ) {
+			// [IE] Iframe will still keep the selection when blurred, if
+			// focus is moved onto a non-editing host, e.g. link or button, but
+			// it becomes a problem for the object type selection, since the resizer
+			// handler attached on it will mark other part of the UI, especially
+			// for the dialog. (http://dev.ckeditor.com/ticket/8157)
+			// [IE<8 & Opera] Even worse For old IEs, the cursor will not vanish even if
+			// the selection has been moved to another text input in some cases. (http://dev.ckeditor.com/ticket/4716)
+			//
+			// Now the range restore is disabled, so we simply force IE to clean
+			// up the selection before blur.
+			this.attachListener( doc, 'blur', function() {
+				// Error proof when the editor is not visible. (http://dev.ckeditor.com/ticket/6375)
+				try {
+					doc.$.selection.empty();
+				} catch ( er ) {}
+			} );
+		}
+
+		if ( CKEDITOR.env.iOS ) {
+			// [iOS] If touch is bound to any parent of the iframe blur happens on any touch
+			// event and body becomes the focused element (http://dev.ckeditor.com/ticket/10714).
+			this.attachListener( doc, 'touchend', function() {
+				win.focus();
+			} );
+		}
+
+		var title = editor.document.getElementsByTag( 'title' ).getItem( 0 );
+		// document.title is malfunctioning on Chrome, so get value from the element (http://dev.ckeditor.com/ticket/12402).
+		title.data( 'cke-title', title.getText() );
+
+		// [IE] JAWS will not recognize the aria label we used on the iframe
+		// unless the frame window title string is used as the voice label,
+		// backup the original one and restore it on output.
+		if ( CKEDITOR.env.ie )
+			editor.document.$.title = this._.docTitle;
+
+		CKEDITOR.tools.setTimeout( function() {
+			// Editable is ready after first setData.
+			if ( this.status == 'unloaded' )
+				this.status = 'ready';
+
+			editor.fire( 'contentDom' );
+
+			if ( this._.isPendingFocus ) {
+				editor.focus();
+				this._.isPendingFocus = false;
+			}
+
+			setTimeout( function() {
+				editor.fire( 'dataReady' );
+			}, 0 );
+		}, 0, this );
+
+		function removeSuperfluousElement( tagName ) {
+			var lockRetain = false;
+
+			// Superfluous elements appear after keydown
+			// and before keyup, so the procedure is as follows:
+			// 1. On first keydown mark all elements with
+			// a specified tag name as non-superfluous.
+			editable.attachListener( editable, 'keydown', function() {
+				var body = doc.getBody(),
+					retained = body.getElementsByTag( tagName );
+
+				if ( !lockRetain ) {
+					for ( var i = 0; i < retained.count(); i++ ) {
+						retained.getItem( i ).setCustomData( 'retain', true );
+					}
+					lockRetain = true;
+				}
+			}, null, null, 1 );
+
+			// 2. On keyup remove all elements that were not marked
+			// as non-superfluous (which means they must have had appeared in the meantime).
+			// Also we should preserve all temporary elements inserted by editor – otherwise we'd likely
+			// leak fake selection's content into editable due to removing hidden selection container (http://dev.ckeditor.com/ticket/14831).
+			editable.attachListener( editable, 'keyup', function() {
+				var elements = doc.getElementsByTag( tagName );
+				if ( lockRetain ) {
+					if ( elements.count() == 1 && !elements.getItem( 0 ).getCustomData( 'retain' ) &&
+						!elements.getItem( 0 ).hasAttribute( 'data-cke-temp' ) ) {
+						elements.getItem( 0 ).remove( 1 );
+					}
+					lockRetain = false;
+				}
+			} );
+		}
+	}
+
+	framedWysiwyg = CKEDITOR.tools.createClass( {
+		$: function() {
+			this.base.apply( this, arguments );
+
+			this._.frameLoadedHandler = CKEDITOR.tools.addFunction( function( win ) {
+				// Avoid opening design mode in a frame window thread,
+				// which will cause host page scrolling.(http://dev.ckeditor.com/ticket/4397)
+				CKEDITOR.tools.setTimeout( onDomReady, 0, this, win );
+			}, this );
+
+			this._.docTitle = this.getWindow().getFrame().getAttribute( 'title' );
+		},
+
+		base: CKEDITOR.editable,
+
+		proto: {
+			setData: function( data, isSnapshot ) {
+                var editor = this.editor;
+
+				if ( isSnapshot ) {
+					this.setHtml( data );
+					this.fixInitialSelection();
+
+					// Fire dataReady for the consistency with inline editors
+					// and because it makes sense. (http://dev.ckeditor.com/ticket/10370)
+					editor.fire( 'dataReady' );
+				}
+				else {
+					this._.isLoadingData = true;
+					editor._.dataStore = { id: 1 };
+
+					var config = editor.config,
+						fullPage = config.fullPage,
+						docType = config.docType;
+
+					// Build the additional stuff to be included into <head>.
+                    var headExtra = CKEDITOR.tools.buildStyleHtml( iframeCssFixes() ).replace( /<style>/, '<style data-cke-temp="1">' );
+
+					if ( !fullPage )
+						headExtra += CKEDITOR.tools.buildStyleHtml( editor.config.contentsCss );
+
+					var baseTag = config.baseHref ? '<base href="' + config.baseHref + '" data-cke-temp="1" />' : '';
+
+					if ( fullPage ) {
+						// Search and sweep out the doctype declaration.
+						data = data.replace( /<!DOCTYPE[^>]*>/i, function( match ) {
+							editor.docType = docType = match;
+							return '';
+						} ).replace( /<\?xml\s[^\?]*\?>/i, function( match ) {
+							editor.xmlDeclaration = match;
+							return '';
+						} );
+					}
+
+					// Get the HTML version of the data.
+					data = editor.dataProcessor.toHtml( data );
+
+					if ( fullPage ) {
+						// Check if the <body> tag is available.
+						if ( !( /<body[\s|>]/ ).test( data ) )
+							data = '<body>' + data;
+
+						// Check if the <html> tag is available.
+						if ( !( /<html[\s|>]/ ).test( data ) )
+							data = '<html>' + data + '</html>';
+
+						// Check if the <head> tag is available.
+						if ( !( /<head[\s|>]/ ).test( data ) )
+							data = data.replace( /<html[^>]*>/, '$&<head><title></title></head>' );
+						else if ( !( /<title[\s|>]/ ).test( data ) )
+							data = data.replace( /<head[^>]*>/, '$&<title></title>' );
+
+						// The base must be the first tag in the HEAD, e.g. to get relative
+						// links on styles.
+						baseTag && ( data = data.replace( /<head[^>]*?>/, '$&' + baseTag ) );
+
+						// Inject the extra stuff into <head>.
+						// Attention: do not change it before testing it well. (V2)
+						// This is tricky... if the head ends with <meta ... content type>,
+						// Firefox will break. But, it works if we place our extra stuff as
+						// the last elements in the HEAD.
+						data = data.replace( /<\/head\s*>/, headExtra + '$&' );
+
+						// Add the DOCTYPE back to it.
+						data = docType + data;
+					} else {
+						data = config.docType +
+							'<html dir="' + config.contentsLangDirection + '"' +
+								' lang="' + ( config.contentsLanguage || editor.langCode ) + '">' +
+							'<head>' +
+								'<title>' + this._.docTitle + '</title>' +
+								baseTag +
+								headExtra +
+							'</head>' +
+							'<body' + ( config.bodyId ? ' id="' + config.bodyId + '"' : '' ) +
+								( config.bodyClass ? ' class="' + config.bodyClass + '"' : '' ) +
+							'>' +
+								data +
+							'</body>' +
+							'</html>';
+					}
+
+					if ( CKEDITOR.env.gecko ) {
+						// Hack to make Fx put cursor at the start of doc on fresh focus.
+						data = data.replace( /<body/, '<body contenteditable="true" ' );
+
+						// Another hack which is used by onDomReady to remove a leading
+						// <br> which is inserted by Firefox 3.6 when document.write is called.
+						// This additional <br> is present because of contenteditable="true"
+						if ( CKEDITOR.env.version < 20000 )
+							data = data.replace( /<body[^>]*>/, '$&<!-- cke-content-start -->'  );
+					}
+
+					// The script that launches the bootstrap logic on 'domReady', so the document
+					// is fully editable even before the editing iframe is fully loaded (http://dev.ckeditor.com/ticket/4455).
+					var bootstrapCode =
+						'<script id="cke_actscrpt" type="text/javascript"' + ( CKEDITOR.env.ie ? ' defer="defer" ' : '' ) + '>' +
+							'var wasLoaded=0;' +	// It must be always set to 0 as it remains as a window property.
+							'function onload(){' +
+								'if(!wasLoaded)' +	// FF3.6 calls onload twice when editor.setData. Stop that.
+									'window.parent.CKEDITOR.tools.callFunction(' + this._.frameLoadedHandler + ',window);' +
+								'wasLoaded=1;' +
+							'}' +
+							( CKEDITOR.env.ie ? 'onload();' : 'document.addEventListener("DOMContentLoaded", onload, false );' ) +
+                        '</script>';
+
+					// For IE<9 add support for HTML5's elements.
+					// Note: this code must not be deferred.
+					if ( CKEDITOR.env.ie && CKEDITOR.env.version < 9 ) {
+						bootstrapCode +=
+							'<script id="cke_shimscrpt">' +
+								'window.parent.CKEDITOR.tools.enableHtml5Elements(document)' +
+							'</script>';
+					}
+
+					// IE<10 needs this hack to properly enable <base href="...">.
+					// See: http://stackoverflow.com/a/13373180/1485219 (http://dev.ckeditor.com/ticket/11910).
+					if ( baseTag && CKEDITOR.env.ie && CKEDITOR.env.version < 10 ) {
+						bootstrapCode +=
+							'<script id="cke_basetagscrpt">' +
+								'var baseTag = document.querySelector( "base" );' +
+								'baseTag.href = baseTag.href;' +
+							'</script>';
+                    }
+
+					data = data.replace( /(?=\s*<\/(:?head)>)/, bootstrapCode );
+
+					// Current DOM will be deconstructed by document.write, cleanup required.
+					this.clearCustomData();
+					this.clearListeners();
+
+					editor.fire( 'contentDomUnload' );
+
+                    var doc = this.getDocument();
+                    
+                    // CryptPad
+                    var _iframe = window._iframe = iframe.$;
+					var fw = this;
+					_iframe.contentWindow.onload = function () {}
+                    var intr = setInterval(function () {
+                        //console.log(_iframe.contentWindow.document.body);
+						if (!_iframe.contentWindow) { return; }
+						if (!_iframe.contentWindow.document) { return; }
+						if (_iframe.contentWindow.document.readyState !== 'complete') { return; }
+						if (!_iframe.contentWindow.document.getElementsByTagName('title').length) { return; }
+						clearInterval(intr);
+						CKEDITOR.tools.callFunction(fw._.frameLoadedHandler, _iframe.contentWindow);
+                    }, 10);
+                    return;
+
+					// Work around Firefox bug - error prune when called from XUL (http://dev.ckeditor.com/ticket/320),
+					// defer it thanks to the async nature of this method.
+					try {
+						doc.write( data );
+					} catch ( e ) {
+						setTimeout( function() {
+							doc.write( data );
+						}, 0 );
+					}
+				}
+			},
+
+			getData: function( isSnapshot ) {
+				if ( isSnapshot )
+					return this.getHtml();
+				else {
+					var editor = this.editor,
+						config = editor.config,
+						fullPage = config.fullPage,
+						docType = fullPage && editor.docType,
+						xmlDeclaration = fullPage && editor.xmlDeclaration,
+						doc = this.getDocument();
+
+					var data = fullPage ? doc.getDocumentElement().getOuterHtml() : doc.getBody().getHtml();
+
+					// BR at the end of document is bogus node for Mozilla. (http://dev.ckeditor.com/ticket/5293).
+					// Prevent BRs from disappearing from the end of the content
+					// while enterMode is ENTER_BR (http://dev.ckeditor.com/ticket/10146).
+					if ( CKEDITOR.env.gecko && config.enterMode != CKEDITOR.ENTER_BR )
+						data = data.replace( /<br>(?=\s*(:?$|<\/body>))/, '' );
+
+					data = editor.dataProcessor.toDataFormat( data );
+
+					if ( xmlDeclaration )
+						data = xmlDeclaration + '\n' + data;
+					if ( docType )
+						data = docType + '\n' + data;
+
+					return data;
+				}
+			},
+
+			focus: function() {
+				if ( this._.isLoadingData )
+					this._.isPendingFocus = true;
+				else
+					framedWysiwyg.baseProto.focus.call( this );
+			},
+
+			detach: function() {
+				var editor = this.editor,
+					doc = editor.document,
+					iframe,
+					onResize;
+
+				// Trying to access window's frameElement property on Edge throws an exception
+				// when frame was already removed from DOM. (http://dev.ckeditor.com/ticket/13850, http://dev.ckeditor.com/ticket/13790)
+				try {
+					iframe =  editor.window.getFrame();
+				} catch ( e ) {}
+
+				framedWysiwyg.baseProto.detach.call( this );
+
+				// Memory leak proof.
+				this.clearCustomData();
+				doc.getDocumentElement().clearCustomData();
+				CKEDITOR.tools.removeFunction( this._.frameLoadedHandler );
+
+				// On IE, iframe is returned even after remove() method is called on it.
+				// Checking if parent is present fixes this issue. (http://dev.ckeditor.com/ticket/13850)
+				if ( iframe && iframe.getParent() ) {
+					iframe.clearCustomData();
+					onResize = iframe.removeCustomData( 'onResize' );
+					onResize && onResize.removeListener();
+
+					// IE BUG: When destroying editor DOM with the selection remains inside
+					// editing area would break IE7/8's selection system, we have to put the editing
+					// iframe offline first. (http://dev.ckeditor.com/ticket/3812 and http://dev.ckeditor.com/ticket/5441)
+					iframe.remove();
+				} else {
+					CKEDITOR.warn( 'editor-destroy-iframe' );
+				}
+			}
+		}
+	} );
+
+	function objectResizeDisabler( editor ) {
+		if ( CKEDITOR.env.gecko ) {
+			// FF allows to change resizing preferences by calling execCommand.
+			try {
+				var doc = editor.document.$;
+				doc.execCommand( 'enableObjectResizing', false, !editor.config.disableObjectResizing );
+				doc.execCommand( 'enableInlineTableEditing', false, !editor.config.disableNativeTableHandles );
+			} catch ( e ) {}
+		} else if ( CKEDITOR.env.ie && CKEDITOR.env.version < 11 && editor.config.disableObjectResizing ) {
+			// It's possible to prevent resizing up to IE10.
+			blockResizeStart( editor );
+		}
+
+		// Disables resizing by preventing default action on resizestart event.
+		function blockResizeStart() {
+			var lastListeningElement;
+
+			// We'll attach only one listener at a time, instead of adding it to every img, input, hr etc.
+			// Listener will be attached upon selectionChange, we'll also check if there was any element that
+			// got listener before (lastListeningElement) - if so we need to remove previous listener.
+			editor.editable().attachListener( editor, 'selectionChange', function() {
+				var selectedElement = editor.getSelection().getSelectedElement();
+
+				if ( selectedElement ) {
+					if ( lastListeningElement ) {
+						lastListeningElement.detachEvent( 'onresizestart', resizeStartListener );
+						lastListeningElement = null;
+					}
+
+					// IE requires using attachEvent, because it does not work using W3C compilant addEventListener,
+					// tested with IE10.
+					selectedElement.$.attachEvent( 'onresizestart', resizeStartListener );
+					lastListeningElement = selectedElement.$;
+				}
+			} );
+		}
+
+		function resizeStartListener( evt ) {
+			evt.returnValue = false;
+		}
+	}
+
+	function iframeCssFixes() {
+		var css = [];
+
+		// IE>=8 stricts mode doesn't have 'contentEditable' in effect
+		// on element unless it has layout. (http://dev.ckeditor.com/ticket/5562)
+		if ( CKEDITOR.document.$.documentMode >= 8 ) {
+			css.push( 'html.CSS1Compat [contenteditable=false]{min-height:0 !important}' );
+
+			var selectors = [];
+
+			for ( var tag in CKEDITOR.dtd.$removeEmpty )
+				selectors.push( 'html.CSS1Compat ' + tag + '[contenteditable=false]' );
+
+			css.push( selectors.join( ',' ) + '{display:inline-block}' );
+		}
+		// Set the HTML style to 100% to have the text cursor in affect (http://dev.ckeditor.com/ticket/6341)
+		else if ( CKEDITOR.env.gecko ) {
+			css.push( 'html{height:100% !important}' );
+			css.push( 'img:-moz-broken{-moz-force-broken-image-icon:1;min-width:24px;min-height:24px}' );
+		}
+
+		// http://dev.ckeditor.com/ticket/6341: The text cursor must be set on the editor area.
+		// http://dev.ckeditor.com/ticket/6632: Avoid having "text" shape of cursor in IE7 scrollbars.
+		css.push( 'html{cursor:text;*cursor:auto}' );
+
+		// Use correct cursor for these elements
+		css.push( 'img,input,textarea{cursor:default}' );
+
+		return css.join( '\n' );
+	}
+});
+
+/**
+ * Disables the ability to resize objects (images and tables) in the editing area.
+ *
+ *		config.disableObjectResizing = true;
+ *
+ * **Note:** Because of incomplete implementation of editing features in browsers
+ * this option does not work for inline editors (see ticket [#10197](http://dev.ckeditor.com/ticket/10197)),
+ * does not work in Internet Explorer 11+ (see [#9317](http://dev.ckeditor.com/ticket/9317#comment:16) and
+ * [IE11+ issue](https://connect.microsoft.com/IE/feedback/details/742593/please-respect-execcommand-enableobjectresizing-in-contenteditable-elements)).
+ * In Internet Explorer 8-10 this option only blocks resizing, but it is unable to hide the resize handles.
+ *
+ * @cfg
+ * @member CKEDITOR.config
+ */
+CKEDITOR.config.disableObjectResizing = false;
+
+/**
+ * Disables the "table tools" offered natively by the browser (currently
+ * Firefox only) to perform quick table editing operations, like adding or
+ * deleting rows and columns.
+ *
+ *		config.disableNativeTableHandles = false;
+ *
+ * @cfg
+ * @member CKEDITOR.config
+ */
+CKEDITOR.config.disableNativeTableHandles = true;
+
+/**
+ * Disables the built-in spell checker if the browser provides one.
+ *
+ * **Note:** Although word suggestions provided natively by the browsers will
+ * not appear in CKEditor's default context menu,
+ * users can always reach the native context menu by holding the
+ * *Ctrl* key when right-clicking if {@link #browserContextMenuOnCtrl}
+ * is enabled or you are simply not using the
+ * [context menu](http://ckeditor.com/addon/contextmenu) plugin.
+ *
+ *		config.disableNativeSpellChecker = false;
+ *
+ * @cfg
+ * @member CKEDITOR.config
+ */
+CKEDITOR.config.disableNativeSpellChecker = true;
+
+/**
+ * Language code of  the writing language which is used to author the editor
+ * content. This option accepts one single entry value in the format defined in the
+ * [Tags for Identifying Languages (BCP47)](http://www.ietf.org/rfc/bcp/bcp47.txt)
+ * IETF document and is used in the `lang` attribute.
+ *
+ *		config.contentsLanguage = 'fr';
+ *
+ * @cfg {String} [contentsLanguage=same value with editor's UI language]
+ * @member CKEDITOR.config
+ */
+
+/**
+ * The base href URL used to resolve relative and absolute URLs in the
+ * editor content.
+ *
+ *		config.baseHref = 'http://www.example.com/path/';
+ *
+ * @cfg {String} [baseHref='']
+ * @member CKEDITOR.config
+ */
+
+/**
+ * Whether to automatically create wrapping blocks around inline content inside the document body.
+ * This helps to ensure the integrity of the block *Enter* mode.
+ *
+ * **Note:** This option is deprecated. Changing the default value might introduce unpredictable usability issues and is
+ * highly unrecommended.
+ *
+ *		config.autoParagraph = false;
+ *
+ * @deprecated
+ * @since 3.6
+ * @cfg {Boolean} [autoParagraph=true]
+ * @member CKEDITOR.config
+ */
+
+/**
+ * Fired when some elements are added to the document.
+ *
+ * @event ariaWidget
+ * @member CKEDITOR.editor
+ * @param {CKEDITOR.editor} editor This editor instance.
+ * @param {CKEDITOR.dom.element} data The element being added.
+ */
\ No newline at end of file
diff --git a/www/poll/index.html b/www/poll/index.html
index c3ae1547f..3f4b53dbd 100644
--- a/www/poll/index.html
+++ b/www/poll/index.html
@@ -4,7 +4,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <title data-localization="poll_title">Zero Knowledge Date Picker</title>
-    <script async data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"
+    <script async data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"
         data-bootload="/customize/template.js"></script>
 </head>
 <body>
diff --git a/www/profile/index.html b/www/profile/index.html
index 6ee841719..5200564ce 100644
--- a/www/profile/index.html
+++ b/www/profile/index.html
@@ -6,7 +6,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
 
     <link rel="stylesheet" href="/bower_components/codemirror/lib/codemirror.css">
     <link rel="stylesheet" href="/bower_components/codemirror/addon/dialog/dialog.css">
diff --git a/www/register/index.html b/www/register/index.html
index 03032969b..31d4c99f8 100644
--- a/www/register/index.html
+++ b/www/register/index.html
@@ -6,7 +6,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
 </head>
 <body class="html">
     <noscript>
diff --git a/www/settings/index.html b/www/settings/index.html
index 03032969b..31d4c99f8 100644
--- a/www/settings/index.html
+++ b/www/settings/index.html
@@ -6,7 +6,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
 </head>
 <body class="html">
     <noscript>
diff --git a/www/slide/index.html b/www/slide/index.html
index 866031f04..2688cbf39 100644
--- a/www/slide/index.html
+++ b/www/slide/index.html
@@ -5,7 +5,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <meta name="referrer" content="no-referrer" />
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
     <style>
         html, body {
             overflow-y: hidden;
diff --git a/www/slide/inner.html b/www/slide/inner.html
index e9ececf5e..c782334b7 100644
--- a/www/slide/inner.html
+++ b/www/slide/inner.html
@@ -6,7 +6,7 @@
 
     <link rel="stylesheet" href="/bower_components/components-font-awesome/css/font-awesome.min.css">
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
-    <script async data-bootload="inner.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="inner.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
     <style>.loading-hidden { display: none; } </style>
 </head>
 <body class="loading-hidden">
diff --git a/www/todo/index.html b/www/todo/index.html
index a76879a6d..a72a3c60b 100644
--- a/www/todo/index.html
+++ b/www/todo/index.html
@@ -4,7 +4,7 @@
     <title>CryptPad</title>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
     <style>
         html, body {
             margin: 0px;
diff --git a/www/todo/inner.html b/www/todo/inner.html
index 7675ed8d3..d147387ac 100644
--- a/www/todo/inner.html
+++ b/www/todo/inner.html
@@ -3,7 +3,7 @@
 <head>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
-    <script async data-bootload="/todo/inner.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/todo/inner.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
     <style>.loading-hidden, .loading-hidden * {display: none !important;}</style>
 </head>
 <body class="loading-hidden">
diff --git a/www/user/index.html b/www/user/index.html
index 03032969b..31d4c99f8 100644
--- a/www/user/index.html
+++ b/www/user/index.html
@@ -6,7 +6,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
 </head>
 <body class="html">
     <noscript>
diff --git a/www/whiteboard/index.html b/www/whiteboard/index.html
index a31384187..a5794b8d6 100644
--- a/www/whiteboard/index.html
+++ b/www/whiteboard/index.html
@@ -3,7 +3,7 @@
 <head>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
-    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.1.15"></script>
+    <script async data-bootload="/customize/template.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
 </head>
 <body>