Is there a JavaScript HTML template that supports both null-coalescing ("undefined") and protects against XSS?

I was looking for a JavaScript templating engine and selected DoT.js (mainly because it is very fast ) but had the following problems

• Null safe / Undefined safe / null-coalescing . As of Freemarker / VTL, I want to be able to pass foo.bar.foobar and not worry about checking foo, foo.bar and foo.bar.foobar are defined, for example avoid things like

  {{ var val='';try{ var=foo.bar.foobar }catch(){} }}{{= val}}
  
        
  
          
          
          
        
  
      

  which I feel bad about, or

  {{= typeof foo !== 'undefined'?typeof foo.bar!=='undefined'?typeof foo.bar.foobar!=='undefined'?foo.bar.foobar:'foo.bar.foobar is undefined':'foo.bar is undefined':'foo is undefined'}}
  
        
  
          
          
          
        
  
      

  which I'm not sure if I'm feeling better or worse about

• I want to have good XSS protection and just as fast DoT.js doesn't use the DOM, even with {{! }}, I don't feel comfortable that all XSS in the world will be handled by find and replace (like what if the author missed something)

  The documentation , although it's very fast, it's not that popular (yet), but the sources are so small that you can figure out most things just by reading them, but having a good community is a big benefit.

Which JavaScript templating library meets these two requirements and is still considered fast?