Window.opener fix bypass

## Description Due to a recent report(https://hackerone.com/reports/306414) a fix was deployed in order to resolve the tabnabbing issue. However by using a line break the fix can be bypassed. ## Steps to reproduce 1) Browse to your Phabricator instance and create a new document. 2) Now paste in the following content ``` [[ //google.com | aaa ]] ``` and see that there is indeed a rel="noreferer" tag added by clicking preview and then viewing the DOM tree. 3) Now replace the document with the following content: ``` [[ / /google.com | aaa ]] ``` and see that no tag is added. ## Impact An attacker can abuse this functionality to perform phishing attacks against users