diff --git a/routes/api/dms/post.js b/routes/api/dms/post.js
index 2065fa3..15870c2 100644
--- a/routes/api/dms/post.js
+++ b/routes/api/dms/post.js
@@ -57,6 +57,10 @@ module.exports = {
 
             req.body.message = encodeURIComponent(req.body.message.trim())
 
+            if(req.body.message.length > 1000) {
+                res.json({"error":"message too long"}) //check again after URI encoding it
+                return
+            }
 
             req.body.receiver = encodeURIComponent(req.body.receiver||"")
             if(req.body.receiver == "" || req.body.receiver == encodeURIComponent(res.locals.username) || req.body.receiver.length > 100) {
diff --git a/routes/api/post.js b/routes/api/post.js
index c0829d6..16ab310 100644
--- a/routes/api/post.js
+++ b/routes/api/post.js
@@ -54,6 +54,12 @@ module.exports = {
             }
 
             req.body.message = encodeURIComponent(req.body.message.trim())
+
+            if(req.body.message.length > 1000) {
+                res.json({"error":"message too long"}) //check again after URI encoding it
+                return
+            }
+
             req.body.receiver = encodeURIComponent(req.body.receiver||"")
             if(req.body.receiver == "")req.body.receiver="everyone"