The Lazy Method
Pro: Quick and easy to accomplish
Con: Usually only decodes one (the first) encoding stage. Don't be disappointed if you get the next level of gibberish in your alert pop-up.
The Tom Liston Method
Con: Careful with typos. If you have a typo in the leading textarea definition, the following "document.write(txt)" will go right to the browser, as it originally would have, and the exploit will execute.
The Perl-Fu Method
Pro: Very easy and fast for use on the dumber encoding methods like XOR, cesarean ciphers (character permutations), etc. Also the "safest" method, as this approach alone does not actually execute the hostile code.
The Monkey Wrench Method
Caveat: For the first two methods mentioned, be mindful that you are actually running hostile code inside a potentially vulnerable web browser. Make sure to apply the usual precautions (VMWare or the like, deployed far away from any production network you might have, and keeping a keen eye on the firewall log, etc).
...and before you write in to ask: Yes, concrete examples on how to use the four methods above will follow later today :)