I believe the fix for #181225 is incomplete in the rules for Airship wysihtml parser rules.
At https://github.com/paragonie/airship/blob/58f96aa0e5002b60e74456502d9bfc9483d77b3d/src/public/js/wysihtml5/parser_rules/advanced_and_extended.js, the 'target' parameter for links is allowed to be anything, while there are no forced 'rel' attributes. Additionally, https://github.com/paragonie/airship/blob/58f96aa0e5002b60e74456502d9bfc9483d77b3d/src/public/js/wysihtml5/parser_rules/simple.js sets 'rel' to only 'nofollow'.
This could be exploited by a user who posts a link with 'target=_blank', who can then change the URL of the opening page. To fix, add 'rel="noopener noreferrer"' to the parser rules.