Check if you get something like  in the error.log when you save the dialog. If, yes, Tag is removed by the xss protection framework.
Cross-site scripting (XSS) allows attackers to inject code into web pages viewed by other users. This security vulnerability can be exploited by malicious web users to bypass access controls.
AEM applies the principle of filtering all user-supplied content upon output. Preventing XSS is given the highest priority during both development and testing.
You can overlay the "/libs/cq/xssprotection/config.xml" and update the security rules as per your business needs.
For more details check 
25.02.2019 18:29:31.815 *INFO* [10.98.144.110  GET /content/support/en_US/security.html HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The a tag contained an attribute that we could not process. The rel attribute had a value of "noopener noreferrer". This value could not be accepted for security reasons. We have chosen to remove this attribute from the tag and leave everything else in place so that we could process the input.