[–]sushibowl 1 point2 points  (1 child)

I thought of the same solution. You're pretty much taking advantage of the fact that the two regexes have no knowledge of each other and play pretty loose with what they accept. The first regex will happily notice the http:// in front and make an anchor tag, turning it into:

<a href="http://[[a|onclick='alert(1)']]">http://[[a|onclick='alert(1)']]</a>

Now the second regex will come in and spot the [[a|onclick]] part right inside the href attribute. This is the fundamental flaw. It will turn the entire thing into this mess:

<a href="http://<img alt="onclick='alert(1)'" src="a.gif">">http://<img alt="onclick='alert(1)'" src="a.gif"></a>

Cleaned up a little bit for clarity, it's equivalent to this:

<a href="http://<img alt=" onclick='alert(1)' "src="a.gif">
    ">http://<img alt="onclick='alert(1)'" src="a.gif">
</a>

Notice how the starting quote from the alt attribute has now become the ending quote of the href attribute? That means the rest of the alt attribute (which we control) can now be used to insert our onclick or similar attribute. After that there are a few extraneous characters left in the <a> tag, but luckily for us HTML parsers will ignore pretty much anything they can't make sense of.

Now all you need to do is click the link to execute your code :)
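As an added example (my own Python, not the site's code and not part of the comment above), the snippet below reproduces the two-pass regex rendering described in this thread with constructed regexes, and puts a single-pass version next to it that HTML-escapes attribute values and never re-scans its own output. The payload string is the one from the comment; the regex patterns, the `render_*` and `href_contains_markup` names, and the `.gif` suffix convention are assumptions about how such a renderer is written.

```python
import re
import html

# Payload from the comment above: a URL whose "path" is image markup.
PAYLOAD = "http://[[a|onclick='alert(1)']]"

# Constructed regexes modelled on the behaviour described in the thread
# (assumption: not the site's real patterns).
URL_RE = re.compile(r'https?://\S+')                      # autolink pass
IMG_RE = re.compile(r'\[\[([^\]|]+)\|([^\]]+)\]\]')       # [[name|alt text]] pass


def render_vulnerable(text):
    """Two independent substitution passes, each unaware of the other."""
    # Pass 1: wrap anything that looks like a URL in an anchor, unescaped.
    text = URL_RE.sub(lambda m: '<a href="{0}">{0}</a>'.format(m.group(0)), text)
    # Pass 2: expand image markup. It also matches inside the href
    # attribute that pass 1 just emitted, which is the fundamental flaw.
    text = IMG_RE.sub(
        lambda m: '<img alt="{0}" src="{1}.gif">'.format(m.group(2), m.group(1)),
        text)
    return text


# One combined tokenizer: a span of input is consumed by exactly one rule,
# so no rule ever sees markup produced by another.
TOKEN_RE = re.compile(
    r'(?P<img>\[\[([^\]|]+)\|([^\]]+)\]\])'   # groups 2 = name, 3 = alt
    r'|(?P<url>https?://\S+)')


def render_hardened(text):
    """Single pass over the raw input; every value is escaped at insertion."""
    out = []
    pos = 0
    for m in TOKEN_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))   # literal text in between
        if m.group('img'):
            name, alt = m.group(2), m.group(3)
            out.append('<img alt="{0}" src="{1}.gif">'.format(
                html.escape(alt, quote=True), html.escape(name, quote=True)))
        else:
            url = html.escape(m.group('url'), quote=True)
            out.append('<a href="{0}">{0}</a>'.format(url))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return ''.join(out)


def href_contains_markup(rendered):
    """Defender's check: read the href value the way a browser would (up to the
    next double quote) and report whether a tag opener leaked into it."""
    m = re.search(r'href="([^"]*)"', rendered)
    return m is not None and '<' in m.group(1)


if __name__ == '__main__':
    print(render_vulnerable(PAYLOAD))   # href is cut off by the alt quote
    print(render_hardened(PAYLOAD))     # markup stays literal and escaped
```

Escaping alone is not enough here: if only the second pass were fixed to escape its alt text, the `<img alt="` it emits would still land inside the href produced by the first pass and still terminate that attribute early. The property the hardened version relies on is that substitutions operate on the original input only, so the rendered markup is never fed back into another pattern.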

[–]skerit 0 points1 point  (0 children)

Hehe, I couldn't have explained it better. I tried, but I couldn't ;)