[Security] Fixed XSS in class editor using date fields (#14930)

* fixed xss in datetime data field

* fixed xss in date data field

* changed `!==` to `!=`

bundles/AdminBundle/Resources/public/js/pimcore/object/classes/data/date.js

@@ -69,7 +69,14 @@ pimcore.object.classes.data.date = Class.create(pimcore.object.classes.data.data
             name: "defaultValue",
             cls: "object_field",
             width: 300,
-            disabled: datax.useCurrentDate
+            disabled: datax.useCurrentDate,
+            listeners: {
+                change: function (defaultDateField, newValue, oldValue) {
+                    if(typeof this.getValue() != 'object') {
+                        this.setValue(null);
+                    }
+                }
+            }
         };
 
         if (datax.defaultValue) {

bundles/AdminBundle/Resources/public/js/pimcore/object/classes/data/datetime.js

@@ -176,20 +176,18 @@ pimcore.object.classes.data.datetime = Class.create(pimcore.object.classes.data.
     },
 
     setDefaultValue:function (defaultValue, datefield, timefield) {
-
-        if (datefield.getValue()) {
+        if(datefield.getValue() && typeof datefield.getValue() === 'object') {
             var dateString = Ext.Date.format(datefield.getValue(), "Y-m-d");
 
             if (timefield.getValue()) {
                 dateString += " " + Ext.Date.format(timefield.getValue(), "H:i");
-            }
-            else {
+            } else {
                 dateString += " 00:00";
             }
 
-            defaultValue.setValue((Ext.Date.parseDate(dateString, "Y-m-d H:i").getTime())/1000);
-
+            defaultValue.setValue((Ext.Date.parseDate(dateString, "Y-m-d H:i").getTime()) / 1000);
         } else {
+            datefield.setValue(null);
             defaultValue.setValue(null);
         }
     },