I don't know much about security when it comes to Backend-JavaScript.
The only way I can imagine sanitizing the input is to use regex and replace all the unwanted characters, or split the whole string and filter/map the unwanted characters out, then join back together.
I'm also using the Oak module for Deno.
You can try out this https://deno.land/x/html_entities According to lib documentation:
HTML validity and XSS attack prevention you can achieve from XmlEntities module.
import { XmlEntities } from "https://deno.land/x/html_entities@v1.0/mod.js";
XmlEntities.encode('<>"\'&©®'); // <>"'&©®
XmlEntities.encodeNonUTF('<>"\'&©®'); // <>"'&©®
XmlEntities.encodeNonASCII('<>"\'&©®'); // <>"\'&©®
XmlEntities.decode('<>"'&©®∆'); // <>"'&©®∆