After Try Ruby came out, I thought that it would be cool to make one in Python. Not too long after Mike Meyer came out with his AJAT Try Python, which looked way cooler than the one I was working on. Still, his initial version didn't have statements, and I'm stubborn and don't like to give up on projects I've started, regardless of their feasibility.
The main obstacle was (and still is) keeping the state of each session. My first attempt with pickle didn't go over well because it didn't like non-top-level functions or classes. So I looked into twisted's jelly and it was pretty good, but it wasn't made for my purposes, so I hacked it and hacked it until the only thing left was the skeleton of their reference system and some other bits of code and called it modjelly.
Modjelly now supports most types listed in the types module by defining functions to get the attributes needed to instantiate new instances. In order to deal with the __init__ methods of the C types which do nothing, it maintains references to temporary lists which contain a single item until the new object is created (objects can have references to themselves in the arguments). Then when dereferencing the object it returns the object inside the list.
It handles classes by storing the class object and the instance and then recreating the instance with the same __dict__. Unfortunately, this doesn't work with new-style classes because object
uses descriptors in C extensively and optimized slot wrappers.
I don't have the ability to run trypython in as a different user, so I've done my best to make sure that you can't do anything malicious, but I can't think of everything.
Security Issues
You can get the source for bastille and modjelly. They aren't quite the same as the ones I actually use because my code is so messy, but they should give you a rough idea of how it works and any security holes you might find.
Why on earth would you want to try Python, anyways? After all, Ruby has Ruby on Rails and a cool AJAX tryruby which preceded this, and has people with books with cool cartoon foxes. Besides, Python has that horrible indentation-by-scope which makes your skin crawl. Plus I heard that it has bolted on and incomplete object orientation and read-only/no closures and that they force you to type 'self' until you die.
Well, I'm a random fourteen-year-old programming in his free time who has created this mostly from scratch having no prior experience with serializing/marshalling objects or making a restricted environment, and if a random kid can do this, then one of the following must be true:
Most of the work I did was with modjelly in order to deal with the fact that most builtin types don't really use __init__ because they're in C. PyPy is an implementation of Python in Python. Storing the state of an REPL session would be really easy because you'd be working with Python, not the underlying implementation. It'd also be 10 times cooler if someone wrote an REPL for PyPy. So if you have too much free time, look into PyPy!
Back to the Online Python REPL (Try Python).