diff --git a/storages/backends/dropbox.py b/storages/backends/dropbox.py
index 394e556b7..85904abd0 100644
--- a/storages/backends/dropbox.py
+++ b/storages/backends/dropbox.py
@@ -86,8 +86,26 @@ def __init__(self, oauth2_access_token=oauth2_access_token, root_path=location,
 
     def _full_path(self, name):
         if name == '/':
-            name = ''
-        return safe_join(self.root_path, name).replace('\\', '/')
+            name = ''
+        # If the machine is windows do not append the drive letter to file path
+        if os.name == 'nt':
+            final_path = os.path.join(self.root_path, name).replace('\\', '/')
+
+            # Separator on linux system
+            sep = '//'
+            base_path = self.root_path
+
+            if (not os.path.normcase(final_path).startswith(os.path.normcase(base_path + sep)) and
+                    os.path.normcase(final_path) != os.path.normcase(base_path) and
+                    os.path.dirname(os.path.normcase(base_path)) != os.path.normcase(base_path)):
+                raise SuspiciousFileOperation(
+                    'The joined path ({}) is located outside of the base path '
+                    'component ({})'.format(final_path, base_path))
+
+            return final_path
+
+        else:
+            return safe_join(self.root_path, name).replace('\\', '/')
 
     def delete(self, name):
         self.client.files_delete(self._full_path(name))
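Review bot: The containment check in the new `os.name == 'nt'` branch cannot do its job as written: `final_path` is joined with a single `/` while `sep = '//'`, so `startswith(base_path + sep)` is false for every joined path and the raise is decided by the other two terms alone — with the default root `'/'`, `os.path.dirname('/') == '/'` makes the condition always false (no path is ever rejected), while with any other root every legitimate child path is rejected. The branch also never normalizes `..` components before the prefix comparison, and `os.path.join` drops `root_path` when `name` is absolute, so even a corrected separator would be comparing unnormalized strings; the `safe_join` used on the other branch handles both, which is exactly what this branch loses. Since Dropbox paths are POSIX-style regardless of the host OS, the platform split can be replaced by `posixpath` join/normpath plus one prefix check (requires `import posixpath` at module top), which also avoids the drive letter that `abspath` adds on Windows — a sketch follows. The `_full_path` method lies entirely within the hunk.
```python
    def _full_path(self, name):
        if name == '/':
            name = ''
        # Dropbox paths are POSIX-style on every host OS, so normalize with
        # posixpath rather than os.path: no drive letter is introduced on
        # Windows and the containment check below is meaningful everywhere.
        base_path = posixpath.normpath(self.root_path)
        final_path = posixpath.normpath(
            posixpath.join(base_path, name.replace('\\', '/')))
        if (final_path != base_path and
                not final_path.startswith(base_path.rstrip('/') + '/')):
            raise SuspiciousFileOperation(
                'The joined path ({}) is located outside of the base path '
                'component ({})'.format(final_path, base_path))
        return final_path
```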