You can easily get around that by adding spaces around the "=".
The point is, it's nearly impossible to stop people from abusing HTML posting. There is pretty much always some trick you can use to get around simple word filters. You really do need to run htmlspecialchars() on all user input, or it will never be secure. If you want to add youtube embedding, you're going to have to make some way to generate the HTML code yourself, and not let a user input it.