1) The UI shows you all the domains that are trying to run active content, just like before, but more compact. You can allow them individually (by assigning the TRUSTED preset), leave them not running (DEFAULT), blacklisting (UNTRUSTED) or even assign CUSTOM permissions. Not just that, but better than before if you can modify each preset on the fly and even see the minimum permissions needed for the site to work (they've got a pink background).

2) To assign the TRUSTED preset temporarily, you just click it once. To make it permanent, you click the clock icon and make it fade away (temporary->permanent).

3) The XSS filter now has a "Always block requests from a.com to b.com" option, that you can use exactly the way you say you want.