According to Angular documentation, you need to sanitize urls before you use them, one way mentioned is bypassSecurityTrustStyle, but they don't tell you how to use it. This is how:
this.bgstyle = this.sanitizer.bypassSecurityTrustStyle(`url("${imageUrl}")`);
Sanitize the style value, including "url". And in HTML template:
<div [style.background-image]="bgStyle" ></div>