diff --git a/app/widgets/Chat/Chat.php b/app/widgets/Chat/Chat.php
index f01be284a..3f348b627 100644
--- a/app/widgets/Chat/Chat.php
+++ b/app/widgets/Chat/Chat.php
@@ -3,6 +3,10 @@
 use Moxl\Xec\Action\Message\Composing;
 use Moxl\Xec\Action\Message\Paused;
 use Moxl\Xec\Action\Message\Publish;
+
+use Moxl\Xec\Action\Muc\GetConfig;
+use Moxl\Xec\Action\Muc\SetConfig;
+
 use Respect\Validation\Validator;
 
 class Chat extends WidgetCommon
@@ -18,6 +22,8 @@ class Chat extends WidgetCommon
         $this->registerEvent('paused', 'onPaused');
         $this->registerEvent('gone', 'onGone');
         $this->registerEvent('conference_subject', 'onConferenceSubject');
+        $this->registerEvent('muc_getconfig_handle', 'onRoomConfig');
+        $this->registerEvent('muc_setconfig_handle', 'onRoomConfigSaved');
         //$this->registerEvent('presence', 'onPresence');
     }
 
@@ -104,6 +110,26 @@ class Chat extends WidgetCommon
         Header::fill($header);
     }
 
+    function onRoomConfig($packet)
+    {
+        list($config, $room) = array_values($packet->content);
+
+        $view = $this->tpl();
+        
+        $xml = new \XMPPtoForm();
+        $form = $xml->getHTML($config->x->asXML());
+
+        $view->assign('form', $form);
+        $view->assign('room', $room);
+
+        Dialog::fill($view->draw('_chat_config_room', true), true);
+    }
+
+    function onRoomConfigSaved($packet)
+    {
+        Notification::append(false, $this->__('chatroom.config_saved'));
+    }
+
     private function setState($array, $message)
     {
         list($from, $to) = $array;
@@ -167,6 +193,8 @@ class Chat extends WidgetCommon
      */
     function ajaxGetRoom($room)
     {
+        if(!$this->validateJid($room)) return;
+
         $html = $this->prepareChat($room, true);
         
         $header = $this->prepareHeaderRoom($room);
@@ -243,6 +271,8 @@ class Chat extends WidgetCommon
      * @return void
      */
     function ajaxSendComposing($to) {
+        if(!$this->validateJid($to)) return;
+
         $mc = new Composing;
         $mc->setTo($to)->request();
     }
@@ -254,10 +284,41 @@ class Chat extends WidgetCommon
      * @return void
      */
     function ajaxSendPaused($to) {
+        if(!$this->validateJid($to)) return;
+
         $mp = new Paused;
         $mp->setTo($to)->request();
     }
 
+    /**
+     * @brief Configure a room
+     *
+     * @param string $room
+     */
+    function ajaxGetRoomConfig($room)
+    {
+        if(!$this->validateJid($room)) return;
+
+        $gc = new GetConfig;
+        $gc->setTo($room)
+           ->request();
+    }
+
+    /**
+     * @brief Save the room configuration
+     *
+     * @param string $room
+     */
+    function ajaxSetRoomConfig($data, $room)
+    {
+        if(!$this->validateJid($room)) return;
+
+        $sc = new SetConfig;
+        $sc->setTo($room)
+           ->setData($data)
+           ->request();
+    }
+
     /**
      * @brief Prepare the contact header
      * 
@@ -325,6 +386,8 @@ class Chat extends WidgetCommon
 
     function prepareMessages($jid)
     {
+        if(!$this->validateJid($jid)) return;
+
         $md = new \Modl\MessageDAO();
         $messages = $md->getContact(echapJid($jid), 0, 30);
 
@@ -381,6 +444,18 @@ class Chat extends WidgetCommon
         return $view->draw('_chat_empty', true);
     }
 
+    /**
+     * @brief Validate the jid
+     *
+     * @param string $room
+     */
+    private function validateJid($jid)
+    {
+        $validate_jid = Validator::email()->noWhitespace()->length(6, 60);
+        if(!$validate_jid->validate($jid)) return false;
+        else return true;
+    }
+
     function display()
     {
         $validate_jid = Validator::email()->length(6, 40);
diff --git a/app/widgets/Chat/_chat_config_room.tpl b/app/widgets/Chat/_chat_config_room.tpl
new file mode 100644
index 000000000..ddd0d8fe4
--- /dev/null
+++ b/app/widgets/Chat/_chat_config_room.tpl
@@ -0,0 +1,13 @@
+<section class="scroll">
+    <form name="config">
+        {$form}
+    </form>
+</section>
+<div>
+    <a onclick="Dialog.clear()" class="button flat">
+        {$c->__('button.close')}
+    </a>
+    <a onclick="Chat_ajaxSetRoomConfig(movim_parse_form('config'), '{$room}'); Dialog.clear();" class="button flat">
+        {$c->__('button.save')}
+    </a>
+</div>
diff --git a/app/widgets/Chat/_chat_header_room.tpl b/app/widgets/Chat/_chat_header_room.tpl
index 935a511be..a4e9d0897 100644
--- a/app/widgets/Chat/_chat_header_room.tpl
+++ b/app/widgets/Chat/_chat_header_room.tpl
@@ -40,5 +40,8 @@
         <li onclick="Rooms_ajaxRemoveConfirm('{$room}')">
             <span>{$c->__('button.delete')}</span>
         </li>
+        <li onclick="Chat_ajaxGetRoomConfig('{$room}')">
+            <span>{$c->__('chatroom.config')}</span>
+        </li>
     </ul>
 </div>
diff --git a/app/widgets/Chat/locales.ini b/app/widgets/Chat/locales.ini
index bb04c933f..3f20fef5e 100644
--- a/app/widgets/Chat/locales.ini
+++ b/app/widgets/Chat/locales.ini
@@ -15,3 +15,5 @@ chat.empty_text         = 'Discuss with your contacts'
 chatroom.members        = 'Chatroom members'
 chatroom.connected      = 'Connected to the chatroom'
 chatroom.disconnected   = 'Disconnected from the chatroom'
+chatroom.config         = 'Get config'
+chatroom.config_saved   = 'Configuration saved'
diff --git a/app/widgets/Chats/_chats_item.tpl b/app/widgets/Chats/_chats_item.tpl
index 51f3a7cc0..163aceac1 100644
--- a/app/widgets/Chats/_chats_item.tpl
+++ b/app/widgets/Chats/_chats_item.tpl
@@ -23,7 +23,7 @@
         {if="preg_match('#^\?OTR#', $message->body)"}
             <p><i class="md md-lock"></i> {$c->__('message.encrypted')}</p>
         {else}
-            <p>{$message->body|prepareString}</p>
+            <p>{$message->body|prepareString|strip_tags}</p>
         {/if}
     {/if}
 </li>
diff --git a/app/widgets/Contact/_contact_header.tpl b/app/widgets/Contact/_contact_header.tpl
index d04ea6d7a..270d5b68f 100644
--- a/app/widgets/Contact/_contact_header.tpl
+++ b/app/widgets/Contact/_contact_header.tpl
@@ -29,10 +29,10 @@
                     </span>
                 </li>
             </ul>
-            <h2 class="active r2" onclick="MovimTpl.hidePanel(); Contact_ajaxClear();">
+            <div class="return active r2" onclick="MovimTpl.hidePanel(); Contact_ajaxClear();">
                 <span id="back" class="icon" ><i class="md md-arrow-back"></i></span>
-                {$contact->getTrueName()}
-            </h2>
+                <h2>{$contact->getTrueName()}</h2>
+            </div>
         {else}
             <ul class="active">
                 <li onclick="Roster_ajaxDisplaySearch('{$jid}')">
@@ -41,10 +41,10 @@
                     </span>
                 </li>
             </ul>
-            <h2 class="active r2" onclick="MovimTpl.hidePanel(); Contact_ajaxClear();">
+            <div class="return active r2" onclick="MovimTpl.hidePanel(); Contact_ajaxClear();">
                 <span id="back" class="icon" ><i class="md md-arrow-back"></i></span>
-                {$jid}
-            </h2>
+                <h2>{$jid}</h2>
+            </div>
         {/if}
     {/if}
 </div>
diff --git a/app/widgets/Group/_group_posts.tpl b/app/widgets/Group/_group_posts.tpl
index 1e0f3f5c6..0b3255c63 100755
--- a/app/widgets/Group/_group_posts.tpl
+++ b/app/widgets/Group/_group_posts.tpl
@@ -58,6 +58,18 @@
                         </li>
                     {/loop}
                 {/if}
+                {if="isset($value->getAttachements().pictures)"}
+                    {loop="$value->getAttachements().pictures"}
+                        <li>
+                            <a href="{$value.href}">
+                                <img
+                                    src="{$value.href}"
+                                    rel="{$value.rel}"
+                                    type="{$value.type}"/>
+                            </a>
+                        </li>
+                    {/loop}
+                {/if}
             </ul>
             {if="isset($value->getAttachements().pictures)"}
                 <ul class="flex middle">
diff --git a/app/widgets/Post/_post.tpl b/app/widgets/Post/_post.tpl
index 5fa881423..466b80b99 100644
--- a/app/widgets/Post/_post.tpl
+++ b/app/widgets/Post/_post.tpl
@@ -77,6 +77,18 @@
                     </li>
                 {/loop}
             {/if}
+            {if="isset($attachements.pictures)"}
+                {loop="$attachements.pictures"}
+                    <li>
+                        <a href="{$value.href}">
+                            <img
+                                src="{$value.href}"
+                                rel="{$value.rel}"
+                                type="{$value.type}"/>
+                        </a>
+                    </li>
+                {/loop}
+            {/if}
         </ul>
         {if="$post->isMine()"}
             <ul class="thick">
diff --git a/app/widgets/Rooms/Rooms.php b/app/widgets/Rooms/Rooms.php
index 87e649d72..ce9b89b38 100644
--- a/app/widgets/Rooms/Rooms.php
+++ b/app/widgets/Rooms/Rooms.php
@@ -5,6 +5,8 @@ use Moxl\Xec\Action\Bookmark\Get;
 use Moxl\Xec\Action\Bookmark\Set;
 use Moxl\Xec\Action\Presence\Unavailable;
 
+use Respect\Validation\Validator;
+
 class Rooms extends WidgetCommon
 {
     function load()
@@ -59,6 +61,8 @@ class Rooms extends WidgetCommon
      */
     function ajaxRemoveConfirm($room)
     {
+        if(!$this->validateRoom($room)) return;
+
         $view = $this->tpl();
 
         $view->assign('room', $room);
@@ -67,10 +71,12 @@ class Rooms extends WidgetCommon
     }
 
     /**
-     * @brief Display the remove list
+     * @brief Display the room list
      */
     function ajaxList($room)
     {
+        if(!$this->validateRoom($room)) return;
+
         $view = $this->tpl();
 
         $cd = new \Modl\ContactDAO;
@@ -84,6 +90,8 @@ class Rooms extends WidgetCommon
      */
     function ajaxRemove($room)
     {
+        if(!$this->validateRoom($room)) return;
+
         $cd = new \modl\ConferenceDAO();
         $cd->deleteNode($room);
         
@@ -93,10 +101,12 @@ class Rooms extends WidgetCommon
     /**
      * @brief Join a chatroom
      */
-    function ajaxJoin($jid, $nickname = false)
+    function ajaxJoin($room, $nickname = false)
     {
+        if(!$this->validateRoom($room)) return;
+
         $p = new Muc;
-        $p->setTo($jid);
+        $p->setTo($room);
 
         if($nickname != false) $p->setNickname($nickname);
 
@@ -110,6 +120,8 @@ class Rooms extends WidgetCommon
      */
     function ajaxExit($room)
     {
+        if(!$this->validateRoom($room)) return;
+
         $session = \Sessionx::start();
 
         $pu = new Unavailable;
@@ -180,6 +192,8 @@ class Rooms extends WidgetCommon
 
     function checkConnected($room, $resource = false)
     {
+        if(!$this->validateRoom($room)) return;
+
         $pd = new \modl\PresenceDAO();
 
         if($resource == false) {
@@ -205,6 +219,18 @@ class Rooms extends WidgetCommon
         return $view->draw('_rooms', true);
     }
 
+    /**
+     * @brief Validate the room 
+     *
+     * @param string $room
+     */
+    private function validateRoom($room)
+    {
+        $validate_server = Validator::email()->noWhitespace()->length(6, 40);
+        if(!$validate_server->validate($room)) return false;
+        else return true;
+    }
+
     function display()
     {
         $this->view->assign('list', $this->prepareRooms());
diff --git a/lib/XMPPtoForm.php b/lib/XMPPtoForm.php
index fa2dac039..401b794b9 100755
--- a/lib/XMPPtoForm.php
+++ b/lib/XMPPtoForm.php
@@ -293,6 +293,9 @@ class FormtoXMPP{
             case "command":
                 $node = $this->stream->x;
                 break;
+            default:
+                $node = $this->stream->x;
+                break;
         }
         foreach($this->inputs as $key => $value) {
             if($value === '' && $this->stream->getName() == "stream") {
diff --git a/themes/material/css/style.css b/themes/material/css/style.css
index 8f45051b9..ea26d5f01 100644
--- a/themes/material/css/style.css
+++ b/themes/material/css/style.css
@@ -287,10 +287,10 @@ main > header > div > span.icon {
 }
 
 main > header > div > .return {
-    padding-left: 9rem;
+    padding-left: 8rem;
     margin-left: -9rem;
     display: inline-block;
-    padding-right: 1rem;
+    padding-right: 2rem;
     max-width: calc(100% + 10rem);
     height: 7rem;
     box-sizing: border-box;
@@ -300,7 +300,7 @@ main > header > div > .return {
 main > header > div > .return.condensed > h2 {
     line-height: 3.5rem;
     font-size: 2.75rem;
-    margin-top: 0.6rem;
+    margin-top: 0.7rem;
     margin-bottom: -0.5rem;
 }