below the images show that approving problem using approved user's authority.

'view unapproved problems' menu is enabled for approved user(s).

When an approved user click CSRF problem, approve value(#) problem(s).

tested in other site for study.

＜form name="csrf" action="http://~/problem/reject" method="post" target="hidden"＞
＜input type="hidden" name="id" value="91" /＞
＜/form＞
＜script＞document.csrf.submit();＜/script＞

above CSRF is remove value(91) problem using approved user's authority.

While I'm inclined to agree that rendering HTML into the problem title/description etc is super bad form, many of the problems already have markup in their descriptions. We would need to edit them all before this change could land.