diff --git a/README.md b/README.md index 1050ad1..286e994 100644 --- a/README.md +++ b/README.md @@ -53,6 +53,9 @@ DB_USER=dbuser DB_PASSWORD=pass DB_DB=htmlhouse PRIVATE_KEY=keys/dev PUBLIC_KEY= | `STATIC_DIR` | Relative dir where static files are stored | `static` | | `AUTO_APPROVE` | Automatically approves public posts | false | | `PREVIEWS_HOST` | Fully-qualified URL (without trailing slash) of screenshot server | None. | +| `ADMIN_PASS` | Password to perform admin functions via API | `uhoh` | +| `BROWSE_ITEMS` | Number of items to show on Browse page | 10 | +| `BLACKLIST_TERMS` | Comma-separated list of terms to prevent a post from being made public | None. | | `TWITTER_KEY` | Twitter consumer key | `notreal` | | `TWITTER_SECRET` | Twitter consumer secret | `notreal` | | `TWITTER_TOKEN` | Twitter access token of the posting Twitter account | `notreal` | diff --git a/config.go b/config.go index 41e64b5..cbd6943 100644 --- a/config.go +++ b/config.go @@ -2,6 +2,8 @@ package htmlhouse import ( "github.com/danryan/env" + "regexp" + "strings" ) type config struct { @@ -23,6 +25,9 @@ type config struct { AdminPass string `env:"key=ADMIN_PASS default=uhoh"` BrowseItems int `env:"key=BROWSE_ITEMS default=10"` + BlacklistTerms string `env:"key=BLACKLIST_TERMS"` + BlacklistReg *regexp.Regexp + // Twitter configuration TwitterConsumerKey string `env:"key=TWITTER_KEY default=notreal"` TwitterConsumerSecret string `env:"key=TWITTER_SECRET default=notreal"` @@ -36,5 +41,11 @@ func newConfig() (*config, error) { return cfg, err } + // Process anything + termsReg := `(?i)\b` + cfg.BlacklistTerms + `\b` + termsReg = strings.Replace(termsReg, ",", `\b|\b`, -1) + cfg.BlacklistReg = regexp.MustCompile(termsReg) + + // Return result return cfg, nil } diff --git a/construction.go b/construction.go index 9e6d69d..018b449 100644 --- a/construction.go +++ b/construction.go @@ -7,6 +7,7 @@ import ( "io/ioutil" "net/http" "net/url" + "os" "regexp" "strconv" "strings" 
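Review bot: The pattern built in newConfig (config.go, last hunk) takes BLACKLIST_TERMS verbatim, so a term containing a regex metacharacter is either misread as pattern syntax or makes `regexp.MustCompile` panic at startup. A trailing or doubled comma is worse: it adds an empty `\b\b` alternative that matches at any word boundary, which would hold back every public post. Each term should be trimmed, passed through `regexp.QuoteMeta`, and dropped when empty; the result should be compiled with `regexp.Compile` so a bad value is returned as an error from newConfig. Compiling only when at least one term remains also lets passesPublicFilter in filter.go guard on `BlacklistReg == nil` rather than on the raw string. newConfig begins outside the hunk.

```go
	// … unchanged: env loading and its error return …
	var alts []string
	for _, t := range strings.Split(cfg.BlacklistTerms, ",") {
		if t = strings.TrimSpace(t); t != "" {
			alts = append(alts, regexp.QuoteMeta(t))
		}
	}
	if len(alts) > 0 {
		re, err := regexp.Compile(`(?i)\b(?:` + strings.Join(alts, "|") + `)\b`)
		if err != nil {
			return cfg, err
		}
		cfg.BlacklistReg = re
	}
	return cfg, nil
```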
@@ -38,7 +39,7 @@ func createHouse(app *app, w http.ResponseWriter, r *http.Request) error { resUser := newSessionInfo(houseID) - if public { + if public && passesPublicFilter(app, html) { go addPublicAccess(app, houseID, html) } @@ -90,6 +91,10 @@ func addPublicAccess(app *app, houseID, html string) error { data.Set("url", fmt.Sprintf("%s/%s.html", app.cfg.HostName, houseID)) u, err := url.ParseRequestURI(app.cfg.PreviewsHost) + if err != nil { + fmt.Fprintf(os.Stderr, "Error parsing request URI: %v\n", err) + return err + } u.Path = "/" urlStr := fmt.Sprintf("%v", u) diff --git a/filter.go b/filter.go new file mode 100644 index 0000000..0e75516 --- /dev/null +++ b/filter.go @@ -0,0 +1,10 @@ +package htmlhouse + +func passesPublicFilter(app *app, html string) bool { + if app.cfg.BlacklistTerms == "" { + return true + } + + spam := app.cfg.BlacklistReg.MatchString(html) + return !spam +} diff --git a/session.go b/session.go index 66a117d..4f5ad37 100644 --- a/session.go +++ b/session.go @@ -1,6 +1,7 @@ package htmlhouse import ( + "crypto/rsa" "fmt" jwt "github.com/dgrijalva/jwt-go" "github.com/juju/errgo" 
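Review bot: A post that fails `passesPublicFilter` in createHouse is still created and simply never reaches addPublicAccess, and nothing in this hunk records that it was held back. For moderation and for tuning the term list, a log line on the rejected branch would help, for example `fmt.Fprintf(os.Stderr, "house %s not made public: matched blacklist\n", houseID)`. Whether the client is told the post stayed private cannot be seen here, since createHouse continues outside the hunk.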
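Review bot: The new early return in addPublicAccess is taken on every public post when PREVIEWS_HOST is unset, because the README lists no default for it and `url.ParseRequestURI("")` fails. The returned error also goes nowhere, since createHouse starts this function with `go`, so the stderr line is the only signal. If the screenshot request is optional, an explicit `if app.cfg.PreviewsHost == "" { ... }` skip would state the intent better than a parse error, and the message should name the setting, e.g. `"Error parsing PREVIEWS_HOST: %v\n"`. What the function does before and after this point is outside the hunk.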
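Review bot: passesPublicFilter in filter.go has no doc comment, and the one thing a maintainer needs to know is that it matches the raw submitted markup, not the rendered text. A term that appears only inside a tag, attribute or URL will hold a post back, while a term broken up by markup or written with character references will not match, so this is a best-effort filter and should not be the only moderation control. I would add `// passesPublicFilter reports whether html contains none of the configured blacklist terms. It matches the raw markup, not rendered text, so it is best-effort only.` above the function.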
@@ -30,22 +31,32 @@ func newSessionInfo(houseID string) *sessionInfo { func newSessionManager(cfg *config) (sessionManager, error) { mgr := &defaultSessionManager{} - var err error - - mgr.signKey, err = ioutil.ReadFile(cfg.PrivateKey) + // Read and parse private key + signBytes, err := ioutil.ReadFile(cfg.PrivateKey) + if err != nil { + return mgr, errgo.Mask(err) + } + mgr.signKey, err = jwt.ParseRSAPrivateKeyFromPEM(signBytes) if err != nil { return mgr, errgo.Mask(err) } - mgr.verifyKey, err = ioutil.ReadFile(cfg.PublicKey) + // Read and parse public key + verifyBytes, err := ioutil.ReadFile(cfg.PublicKey) if err != nil { return mgr, errgo.Mask(err) } + mgr.verifyKey, err = jwt.ParseRSAPublicKeyFromPEM(verifyBytes) + if err != nil { + return mgr, errgo.Mask(err) + } + return mgr, nil } type defaultSessionManager struct { - verifyKey, signKey []byte + verifyKey *rsa.PublicKey + signKey *rsa.PrivateKey } func (m *defaultSessionManager) readToken(r *http.Request) (string, error) { diff --git a/templates/editor.html b/templates/editor.html index 4743b5e..4a71e58 100644 --- a/templates/editor.html +++ b/templates/editor.html @@ -125,7 +125,7 @@
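Review bot: Storing the keys as `*rsa.PublicKey` and `*rsa.PrivateKey` in newSessionManager only pins the algorithm if the verification path enforces it too. The key function passed to the JWT parser (outside this hunk, presumably near readToken) should reject any token whose method is not RSA before it returns `m.verifyKey`, e.g. `if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok { return nil, fmt.Errorf("unexpected signing method") }`. Separately, every error path here still returns the half-initialised `mgr` with the error; `return nil, errgo.Mask(err)` would stop a caller that ignores the error from using a manager with nil keys.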

HTMLhouse

data: {html: editor.getSession().getValue(), public: $publicCheck.checked ? "true" : ""}, success: function(data, status, xhr) { publishing = false; - {{if .ID}}if (data.meta.code == 200) { {{else}}if (data.meta.code == 201) { + {{if .ID}}if (data.code == 200) { {{else}}if (data.code == 201) { var houses = JSON.parse(H.get('neighborhood', '[]')); houses.push({id: data.data.id, token: xhr.getResponseHeader('Authorization')}); H.set('neighborhood', JSON.stringify(houses));{{end}} @@ -133,7 +133,7 @@

HTMLhouse

{{if .ID}}{{else}}H.remove('constructionSite');{{end}} window.location = '/' + data.data.id + '.html'; } else { - alert(data.meta.error_msg); + alert(data.error_msg); } }, error: function(jqXHR, status, error) {