Thank you for the useful feedback. Typically, the proper channel to suggest features and improvements is our feedback portal: http://feedback.telerik.com/Project/108/.
I can agree at some extent that such a feature would be nice. However, it is rather the developer's responsibility to make sure that such security vulnerabilities are handled properly. The RadEditor, as a component, can enable you to further tweak it so to have always these attributes in the anchor tags.
This should be programmatically achieved using client-side and/or server-side code to ensure that the rel attribute is configured as per to the application's security requirements. Having options for that in the Hyperlink Manager could cause unneeded confusion among end users that does not have so advanced knowledge on HTML and the security vulnerabilities of this attribute.
Here you are some possible options to handle the case:
If you have any further concerns, ideas or suggestions, please make sure to post them in our feedback portal with further technical details so that the dev team can evaluate them and consider them for the roadmap of RadEditor.
Telerik by Progress
Do you need help with upgrading your ASP.NET AJAX, WPF or WinForms projects? Check the Telerik API Analyzer
and share your thoughts.