Angular

Angular sanitizes dynamic iframe URLs. For a fixed widget URL, use static markup:

<iframe
  src="https://pointr.org/en/widget/booking/your-business-slug"
  width="100%"
  height="720"
  style="border:0;border-radius:12px;max-width:480px"
  loading="lazy"
  title="Book an appointment with Pointr"
></iframe>

For a dynamic URL, use DomSanitizer only after validating the locale, widget type, and slug.

import { Component } from '@angular/core';
import { DomSanitizer, SafeResourceUrl } from '@angular/platform-browser';

@Component({
  selector: 'app-pointr-widget',
  template: `
    <iframe
      [src]="widgetUrl"
      width="100%"
      height="720"
      style="border:0;border-radius:12px;max-width:480px"
      loading="lazy"
      title="Book an appointment with Pointr"
    ></iframe>
  `,
})
export class PointrWidgetComponent {
  widgetUrl: SafeResourceUrl;

  constructor(private sanitizer: DomSanitizer) {
    this.widgetUrl = this.sanitizer.bypassSecurityTrustResourceUrl(
      'https://pointr.org/en/widget/booking/your-business-slug'
    );
  }
}