e.g. If the following redirects to evilsite.com from mysite.com https://www.mysite.com/http:%5C%5Cwww.Evilsite.com
I am using django 1.4 hosted on apache using mod_wsgi (latest version)
Django can not prevent all open redirects attacks automatically.
As a workaround, Django provides a helper function django.utils.http.is_safe_url. You need to check the url manually before passing the url to the redirect function. Don't implement your own your own function. Even the django core developer did not implement it correctly at the first place. Check this security release.
Reference:
Avoid open redirect issue with whitelist
Put protection against unsafe redirects into HttpResponseRedirectBase