diff --git a/reaction.py b/reaction.py
index 531f41ac0..2536a3a98 100644
--- a/reaction.py
+++ b/reaction.py
@@ -35,7 +35,12 @@ from webfinger import webfingerHandle
 from auth import createBasicAuthHeader
 from posts import getPersonBox
+# the maximum number of reactions from individual actors which can be
+# added to a post. Hence an adversary can't bombard you with sockpuppet
+# generated reactions and make the post infeasibly large
+maxActorReactionsPerPost = 64
+# regex defining permissable emoji icon range
 emojiRegex = re.compile(r'[\u263a-\U0001f645]')
@@ -480,6 +485,9 @@ def updateReactionCollection(recentPostsCache: {},
     else:
         if not obj['reactions'].get('items'):
             obj['reactions']['items'] = []
+        # upper limit for the number of reactions on a post
+        if len(obj['reactions']['items']) >= maxActorReactionsPerPost:
+            return
         for reactionItem in obj['reactions']['items']:
             if reactionItem.get('actor') and reactionItem.get('content'):
                 if reactionItem['actor'] == actor and \
diff --git a/webapp_post.py b/webapp_post.py
index 9bdb02f26..ad71f54ff 100644
--- a/webapp_post.py
+++ b/webapp_post.py
@@ -1304,8 +1304,7 @@ def individualPostAsHtml(signingPrivateKeyPem: str,
     if not postJsonObject:
         return ''
-    # maximum number of different emoji reactions which can
-    # be added to a post
+    # maximum number of different emoji reactions which can be added to a post
     maxReactionTypes = 5
     # benchmark
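Review bot: The comment above `maxActorReactionsPerPost` describes a per-actor limit ("reactions from individual actors"), but as used in updateReactionCollection further down the constant bounds the total length of `obj['reactions']['items']`, regardless of how many distinct actors those items come from. Either the comment should state what is actually bounded, e.g. `# maximum total number of reaction items stored on a post, so sockpuppet actors cannot grow it without bound`, or the name should drop the "Actor" part so readers do not expect a per-actor count. It is also worth noting in that comment that once the cap is reached further reactions are silently discarded, since that is a user-visible behaviour change.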
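Review bot: The early `return` is placed before the loop that compares `reactionItem['actor'] == actor`, so once a post holds maxActorReactionsPerPost items an actor who already has an entry in the list can apparently no longer update or replace it (that loop's body continues outside the hunk, so this is inferred), and the function returns nothing that lets the caller distinguish a dropped reaction from a stored one. Consider moving the length check after the per-actor loop so existing entries are still handled and only genuinely new items are rejected, i.e. keep `if len(obj['reactions']['items']) >= maxActorReactionsPerPost: return` but place it immediately before wherever a new entry is appended. A debug-level log line or a boolean return at the cap would make the drop observable during incident review. updateReactionCollection starts and ends outside the hunk.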